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Introduction 


Rum  is  a  theory  of  the  description  and  structure  of  applicative,  side-effect 
free  computations  over  an  arbitrary  algebraic  data  structure.  This  theory  goes 
beyond  a  theory  of  functions  computed  by  programs,  providing  tools  for  treating 
both  intensional  and  extensional  aspects  of  computation.  Properties  of  powerful 
programming  tools  such  as  functions  as  values,  streams,  object  oriented  program¬ 
ming,  escape  mechanisms,  and  co-routines  can  be  represented.  Precise  definitions 
of  informal  concepts  such  as  stream  ajid  co-routine  are  given  and  their  mathe¬ 
matical  theory  is  developed.  The  point  is  not  only  to  account  for  programming 
practice,  but  also  to  improve  practice  by  providing  mathematical  tools  for  de¬ 
veloping  programs  and  building  programming  systems.  Among  the  intensional 
properties  that  can  be  treated  are  the  number  of  multiplications  executed,  the 
number  of  context  switches,  and  the  maximum  stack  depth  required  in  a  com¬ 
putation.  Among  the  extensional  properties  are  notions  of  equality  for  streams 
and  co-routines  and  characterization  of  functionals  implementing  strategies  for 
searching  tree-structured  spaces.  A  variety  of  operations  on  programs  are  treated 
including  program  transformations  which  introduce  functional  and  control  abstrac¬ 
tions;  a  compiling  morphism  that  provides  a  representation  of  control  abstractions 
as  functional  abstractions;  and  operations  that  transform  intensional  properties  to 
extensional  properties.  There  is  a  rich  hierarchy  of  approximation  and  equivalence 
relations  on  programs  ranging  from  equivalence  as  descriptions  of  computation  to 
equivalence  as  functions.  These  relations,  combined  with  the  interpretation  of  pro¬ 
grams  using  computation  structures,  provide  operations  on  programs  both  with 
meanings  to  preserve  and  meanings  to  transform. 

An  important  motivation  and  guide  has  been  the  desire  to  understand  the 
construction  and  use  of  computation  systems  such  as  Lisp.  We  call  this  body  of 
work  symbolic  computation.  Our  goal  is  to  provide  a  mathematical  context  where 
diverse  aspects  of  computation  can  be  represented  and  new  ideas  can  be  explored 
and  developed.  A  few  such  aspects  are 

■  functions  as  values  -  the  value  of  a  lambda  expression  in  an  environment  is 
a  closure  with  the  interpretation  of  free  variables  of  the  expression  fixed  to 
be  that  given  by  the  evaluation  environment.  Functional  abstractions  such  as 
closures  can  be  used  to  represent  structured  data  such  as  tuples  and  streams, 
to  represent  the  continuation  of  a  computation,  to  describe  delayed  or  lazy 
evaluation,  and  to  represent  objects  in  the  object  oriented  style  of  computation 
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where  objects  contain  the  information  about  operations  that  can  be  applied 
to  them  rather  than  the  usual  situation  where  operations  contain  information 
about  the  objects  to  which  they  apply. 

•  computation  contexts  as  values  -  objects  called  continuations  represent  com¬ 
putation  contexts  -  the  component  of  computation  states  that  describes  how 
computations  are  to  continue.  Control  abstractions  such  as  continuations  can 
be  used  to  describe  computation  mechanisms  such  as  non-local  jumps  (escap¬ 
ing)  and  co-routining. 

■  programs  as  data  -  programs  may  operate  on  other  programs  to  interpret, 
compile,  optimize,  expand  macro  definitions,  and  to  generate  derived  pro¬ 
grams  that  compute  intensional  properties  of  a  given  program 

■  computation  states  as  data  -  used  in  tools  for  writing  and  debugging  pro¬ 
grams  such  as  program  editors,  tracing,  and  in  tools  for  interacting  with  a 
machine  during  a  computation  such  as  single  steppers,  breakpoints  and  the 
Lisp  command  baktrace  which  presents  a  brief  summary  of  the  events  leading 
to  the  current  computation  state. 

About  Rum. 

In  the  Lisp  community,  people  traditionally  speak  of  vanilla  Lisp  when  refer¬ 
ring  to  the  pure  first-order  fragment  which  has  a  simple  interpretation  in  terms 
of  partial  functions  on  S-expressions.  Following  this  tradition  (and  being  fond  of 
rum-raisin  ice  cream)  we  have  chosen  to  call  our  flavor  of  Lisp  rum,  and  we  use 
Rum  to  refer  to  the  theory  we  have  developed  about  this  flavor. 

Our  work  draws  on  ideas  and  results  from  several  areas  of  computer  science 
and  logic.  Of  particular  significance  for  the  present  work  are  (in  chronological 
order) 

Kleene  -  the  basic  concepts  of  recursion  theories  and  their  formalization 
McCarthy  -  conditional  expressions  as  recursive  descriptions  of  computation 
Landin  -  closures  as  interpretation  of  lambda  expressions  in  an  environment 
Moschovakis  -  recursion  on  abstract  structures 
Scott  -  extensional  models  of  the  lambda  calculus 

Morris,  Wadsworth  -  lambda  abstraction  to  represent  computation  contexts 
Feferman  -  non-extensional  theories  and  inductively  presented  formal  systems 

In  addition  many  ideas  have  come  from  studying  examples  of  computing  with 
closures  and  continuations  provided  by  Burstall,  Sussman,  Steele,  Friedman,  Wand 
and  others. 
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In  order  to  facilitate  natural  representation  of  diverse  aspects  of  computation, 
Rum  has  a  rich  ontology  with  a  mixture  of  syntactic  and  semantic  notions.  Sym¬ 
bolic  expressions  called  forms  are  the  basic  syntactic  entities.  A  computation  is 
described  by  a  form  closed  in  an  environment  that  assigns  values  to  the  free  symbols 
of  the  form.  Computation  primitives  include  conditional,  application,  abstraction 
and  sequence  formation.  There  are  functional  abstractions  called  pfns  which  are 
analogous  to  partial  functions  but  contain  information  about  how  they  are  to  be 
computed.  There  are  control  abstractions  called  continuations  which  represent 
computation  contexts.  In  order  to  treat  both  functional  and  context  dependent 
aspects  of  computation  naturally,  we  consider  two  basic  structures  for  representing 
computation  -  trees  and  sequences.  Tree-structured  computation  is  characterized 
by  two  relations:  evaluation  which  relates  descriptions  to  the  value  returned  by 
the  computation  described  and  subcomputation  which  provides  the  tree  structure 
of  computation.  An  important  subrelation  of  subcomputation  is  reduees-to  which 
identifies  subcomputations  that  can  simply  replace  the  main  computation,  rather 
than  returning  a  value  to  a  saved  context.  Sequential  computation  is  carried  out 
by  generating  sequences  of  computation  states  using  the  step  relation.  Computa¬ 
tion  states  are  composed  of  a  continuation  and  a  current  subcomputation.  The 
structure  of  computation  states  and  the  step  relation  are  derived  naturally  from 
tree-structured  computation.  This  has  the  consequence  that  many  tools  for  prov¬ 
ing  properties  of  tree-structured  computation  can  be  generalized  to  programs  in 
which  context  dependence  is  localized. 

Two  basic  results  about  tree-structured  computation  are  the  recursion  theo¬ 
rem  and  a  computation  induction  principle.  The  recursion  theorem  gives  a  recur¬ 
sion  pfn  that  computes  a  computationally  least  fixed  point  of  pfns  which  compute 
functionals  and  thus  provides  a  means  of  definition  by  recursion.  Computation 
induction  expresses  the  fact  that  the  subcomputation  relation  is  well-founded  for 
computations  which  return  a  value  and  thus  provides  a  tool  for  proving  properties 
of  progreims.  An  important  theorem  about  sequential  computation  is  that  the 
computation  described  by  a  form  closed  in  an  environment  will,  uniformly  with 
respect  to  the  context,  either  return  a  value  to  any  calling  context,  transfer  control 
to  another  context,  or  not  return  a  value. 

A  class  of  comparison  relations  is  defined  for  tree-structured  computation 
that  includes  both  approximation  and  equivalence  relations  on  descriptions.  Each 
comparison  relation  corresponds  to  forgetting  selected  details  of  computation  while 
preserving  the  evaluation  and  application  structure.  Methods  are  developed  for 
construction  of  comparison  relations  and  for  proving  properties  of  particular  com¬ 
parisons.  There  is  a  maximum  approximation  relation  □  and  a  maximum  equiv¬ 
alence  relation  =.  Two  key  theorems  about  these  relations  are  (i)  Q  and  =  are 
extensional  and  (ii)  the  recursion  pfn  computes  the  least  fixed  point  with  respect 
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T.  )  L..  Extensionality  of  C  means  that  for  any  pair  of  pfns,  ipo  and  approx¬ 

imates  <p\  iff  ^0  applied  to  any  argument  v  approximates  <pi  applied  to  v. 

(poQv>i  E 

By  a  similar  result  for  =,  pfns  describe  partial  functions  on  ^-equivalence  classes  of 
the  computation  domain  and  two  pfns  are  ^-equivalent  iff  they  describe  the  same 
partial  function.  There  is  a  rich  hierarchy  of  comparisons  between  equality  and  the 
maximal  relations.  For  example,  work  preserving  transforms  such  as  distribution 
of  conditional  over  conditional  (fo  i->  fi  reads  “fo  transforms  to  fi”) 

if(if(p(x),q(x),r(x)),g(x),h(x))  •-^if(p(x),if{q{x),f(x),g(x)),if(r(x),f(x),g(x))) 

give  rise  to  comparisons  in  which  related  forms  describe  computation  trees  with 
the  same  number  of  nodes  of  each  sort,  but  different  subcomputation  structures. 
The  theory  of  comparison  relations  together  with  the  interpretation  of  descriptions 
by  rules  for  generating  computation  structures  provides  concepts  and  tools  useful 
in  developing  a  theory  of  program  specifications  and  transformations. 

In  order  to  compare  computations  carried  out  by  different  processes,  notions  of 
Zum  machine  structure  and  morphism  are  introduced.  This  serves  as  a  paradigm 
for  defining  and  proving  properties  of  compilers.  A  machine  structure  has  states 
and  a  step  relation,  with  states  naturally  generated  from  a  class  of  symbolic  de¬ 
scriptions.  A  morphism  f  maps  states  of  the  source  machine  A  to  states  ft  of 
the  target  machine  B  in  a  manner  that  carries  the  step  relation  fi  of  the  source 
machine  to  steps  >— >  g  of  the  target  machine. 

Co  A 

i  i 

Sequential  computation  has  a  natural  machine  structure  R,.  A  richer  machine 
structure  T  based  on  sequential  descriptions  is  defined  within  the  tree-structured 
computation  model.  The  key  characteristic  of  sequential  descriptions  is  that  the 
evaluation  relation  restricted  to  sequential  descriptions  is  just  the  reduces-to  rela¬ 
tion,  making  reduees-to  a  natural  step  relation.  The  main  result  is  the  existence 
of  a  Rum  machine  morphism  mapping  ^  to  T.  This  morphism  corresponds  to 
the  normal  form  theorem  of  recursion  theory  and  it  makes  the  relation  between 
functional  and  control  abstractions  precise. 

Working  in  Rum.  In  addition  to  developing  general  tools  for  reasoning  about 
computation,  a  variety  of  examples  have  been  worked  out  to  illustrate  the  use  of 
these  tools  and  to  demonstrate  the  adequacy  of  the  theory.  In  particular  we  have 
formulated  and  proved  the  correctness  of  the  following 
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•  a  program  that  uses  continuations  as  an  escape  mechanism  to  avoid  unneces¬ 
sary  work  in  computing  the  product  of  the  numbers  in  a  tree  with  numbers  at 
the  leaves.  If  a  zero  is  encountered  it  is  returned  directly  to  the  caller  rather 
than  passing  the  information  back  in  the  normal  fashion  to  be  rechecked  at 
every  level.  This  corresponds  to  the  use  of  catch  and  throw  in  Lisp. 

■  a  simple  co-routine  derived  from  a  piece  of  network  software  to  convert  a 
stream  of  bits  presented  as  36-bit  words  to  a  stream  of  32-bit  words.  Contin¬ 
uations  axe  used  to  implement  the  co-routine  mechanism. 

■  a  pattern  matcher  that  generates  a  stream  consisting  of  all  matches  of  an 
object  to  a  pattern.  The  pattern  matcher  uses  pfns  to  remember  the  current 
state  of  the  search  and  to  implement  backtracking. 

■  a  derivation  map  that  transforms  source  programs  to  derived  programs  com¬ 
puting  properties  of  the  computation  described  by  the  source  programs. 

Plan 

The  contents  of  this  thesis  fall  into  three  major  segments.  Chapters  I-III 
contain  background  and  introductory  material.  The  main  body  of  the  work  is  pre¬ 
sented  in  Chapters  IV- VII.  Chapter  VIII  contains  a  summary  of  the  work  presented 
and  together  with  Appendices  A  and  B  fills  in  some  gaps. 

In  Chapter  I  we  outline  the  origins  of  symbolic  computation  and  the  basic 
goals  of  a  mathematical  theory  of  computation.  Examples  of  programs  and  oper¬ 
ations  on  programs  are  given  that  help  introduce  some  of  the  informal  concepts 
and  programming  tools  we  wish  to  treat.  The  main  concepts  and  results  from 
programming  language  semantics  and  logic  that  form  the  foundation  for  our  work 
are  surveyed.  In  the  final  section  the  goals  of  our  work  are  presented.  Chapter  II 
is  an  informal  introduction  to  the  structures  and  concepts  of  Rum,  illustrated  by 
a  series  of  simple  examples.  The  mathematical  tools  and  notation  used  in  the  re¬ 
maining  chapters  are  summarized  in  Chapter  III.  Tree-structured  computation  is 
described  in  Chapter  IV.  The  basic  objects,  operations,  and  relations  are  formally 
defined  and  the  connection  between  computation  trees  and  the  relations  evalua¬ 
tion  and  subcomputation  characterizing  these  structures  is  given.  Some  additional 
notation  for  working  in  Rum  is  developed.  A  small  library  of  pfns  and  their  prop¬ 
erties  is  begun  including  algebraic  combinators,  a  recursion  pfn,  and  schemes  for 
recursion  on  sequences.  The  notion  of  stream  is  defined  as  a  set  of  pfns  and  some 
definitions  and  properties  of  operations  on  streams  are  given.  Sequential  compu¬ 
tation  is  described  in  Chapter  V.  Additional  rules  for  generating  objects  are  in¬ 
troduced  and  additional  operations  and  relations  are  defined,  extending  the  world 
of  tree-structured  computation.  A  theorem  expressing  the  uniform  dependence 
on  context  of  sequential  computations  is  proved  and  relations  and  theorems  for 
tree-structured  computation  are  extended  to  sequential  computation.  The  use  of 
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^.-.uations  to  represent  co-routines  is  explained,  basic  properties  of  co-routines 
are  given,  and  a  simple  co-routine  is  defined  and  proved  correct.  In  Chapter  VI 
the  class  of  comparison  relations  is  defined  and  studied.  A  summary  of  algebraic 
operations  (such  as  union  and  intersection)  on  comparisons  and  of  properties  of 
comparisons  preserved  by  these  operations  is  given.  Theorems  providing  methods 
for  constructing  and  extending  comparisons  are  proved.  These  are  applied  to  prove 
extensionality  of  the  maximum  approximation  and  the  maximum  equivalence  re¬ 
lations,  to  prove  the  least  fixed  point  theorem  for  the  recursion  pfn,  to  prove  that 
the  computational  characterization  of  recursion  uniquely  determines  the  recursion 
pfn  modulo  the  maximum  equivalence,  and  to  generate  a  variety  of  comparisons 
corresponding  to  typical  program  transformations.  Chapter  VII  treats  machine 
structures  and  compiling  morphisms.  The  domains  and  operations  of  a  machine 
structure  are  given  and  morphisms  are  characterized  as  maps  preserving  both  the 
algebraic  structure  and  the  computation  structure.  A  machine  structure  is  defined 
within  the  world  of  tree-structured  computation  and  a  morphism  from  the  natural 
machine  structure  for  sequential  computation  is  defined  and  proved  correct.  In 
Chapter  VIII  the  work  presented  in  this  thesis  is  reviewed  and  the  accomplish¬ 
ments  are  summarized.  Some  additional  remarks  are  made  on  the  choice  of  basic 
notions  and  on  relations  to  other  work.  Further  applications  and  future  directions 
of  research  are  also  discussed.  Appendix  A  is  a  concise  and  complete  definition  of 
the  underlying  algebraic  structure  and  of  the  basic  computation  relations  of  Rum. 
In  addition,  some  notions  that  were  treated  only  informally  in  the  main  text  are 
given  precise  definitions.  Appendix  B  contains  two  substantial  examples  which 
illustrate  further  what  we  can  do  in  Rum.  The  first  example  defines  a  class  of 
derived  properties  of  computation  trees  and  a  derivation  map  on  forms  such  that 
derived  forms  compute  the  derived  properties  of  the  computations  described  by 
the  original  forms.  The  second  example  treats  tree-structured  search  spaces  where 
trees  are  given  by  a  successor  function  and  an  initial  position.  A  pfn  generating  a 
stream  of  positions  according  to  a  given  search  strategy  is  defined  and  key  prop¬ 
erties  proved.  We  illustrate  the  use  of  these  tools  to  define  and  prove  properties 
of  pfns  that  generate  streams  by  searching. 

Guide  for  reading 

The  contents  of  Chapter  I  and  their  relevance  is  explained  in  more  detail  in 
the  introduction  to  that  chapter.  The  reader  familiar  with  Lisp,  programming 
language  semantics,  program  transformations,  or  recursion  theory  may  wish  to 
skip  the  corresponding  parts  of  this  survey  of  previous  work.  The  final  section  of 
Chapter  I  should  be  read  as  it  explains  the  goals  of  our  work  and  establishes  a 
framework  for  understanding  some  of  the  choices  of  basic  notions.  The  illustrated 
informal  introduction  to  Rum  (Chapter  II)  provides  a  general  overview  and  is 
recommended  reading  for  all.  The  introduction  to  Chapter  III  explains  which 
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parts  of  the  mathematical  notation  and  background  presented  in  that  chapter  are 
needed  for  which  paxts  of  the  following  presentation. 

The  work  on  comparison  relations  (Chapter  VI)  and  the  examples  in  Ap¬ 
pendix  B  are  carried  out  in  the  world  of  tree-structured  computation  and  depend 
only  on  the  definitions  and  results  of  Chapter  IV.  Chapter  V  extends  the  world 
of  tree-structured  computation  and  requires  knowledge  of  the  material  in  Chap¬ 
ter  rV.  The  treatment  of  abstract  machine  structures  and  compiling  morphisms 
(Chapter  VII)  involves  both  tree-structured  and  sequential  computation. 

The  examples  given  in  Chapter  IV  and  Appendix  B  can  be  understood  infor¬ 
mally  by  reading  the  informal  description  of  the  computation  primitives  (§rv.2) 
and  becoming  familiar  with  notation  conventions  (§IV.3).  (Assuming  the  illus¬ 
trated  introduction  has  been  read).  The  work  on  comparisons  and  on  machines 
and  morphisms  is  more  technical. 

To  obtain  a  general  perspective  of  the  goals  of  Rum  the  final  section  of  the 
background  chapter  (§1.6)  can  be  read  at  any  time.  The  review  of  the  work  pre¬ 
sented  in  this  thesis  and  of  the  accomplishments  (§VIII.l)  can  also  be  read  at  any 
time  to  help  the  reader  form  a  general  picture.  For  the  reader  who  is  puzzled  by 
our  choice  of  basic  notions,  the  discussions  in  §1.6  and  §VIII.2  may  be  read  when 
such  questions  arise. 
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Chapter  I.  Background 


Rum  brings  together  a  variety  of  notions  and  draws  frona  work  in  several  areas 
including  symbolic  computation,  program  transformations,  programming  language 
semantics,  and  recursion  theory.  The  purpose  of  this  chapter  is  to  introduce  the 
programming  tools  and  informal  concepts  from  current  programming  practice  we 
wish  to  treat  and  to  summarize  the  ideas  and  results  from  programming  language 
semantics  and  logic  that  are  the  foundation  for  our  work.  Additional  remarks  on 
related  work  can  be  found  in  §Vin.3. 

Two  themes  recur.  One  is  the  role  of  application  and  abstraction  in  de¬ 
scribing  computation  and  in  defining  functions.  The  other  is  the  role  of  program 
transformations  in  understzinding  computations  described  by  programs,  deriving 
programs,  and  proving  properties  of  programs.  Some  parts  of  this  chapter  will 
be  more  meaningful  to  some  people  and  other  parts  more  meaningful  to  others, 
depending  on  background  and  interest.  The  reader  should  at  least  be  able  to  get 
a  general  idea  of  eeich  of  the  areas,  and  be  able  learn  more  by  reading  suggested 
references.  All  of  the  work  discussed  went  into  the  consideration  and  development 
of  Rum. 

In  §1  we  explain  what  we  mean  by  symbolic  computation,  list  the  goals  of 
a  mathematical  theory  of  computation,  and  give  some  basic  steps  towards  these 
goals.  This  is  based  on  ideas  of  McCarthy  [1960,  1963b]. 

The  work  in  Lisp  and  related  languages  lays  a  foundation  for  the  practice  of 
symbolic  computation  and  provides  many  ideas  about  description  of  computation, 
data  structures,  control  structures,  and  operations  on  programs.  In  §2  example 
programs  are  given  illustrating  many  of  these  ideas  including  simple  S-expression 
recursion,  mapping  functionals,  escape  mechanisms,  representation  of  structured 
data  as  higher-order  objects,  streams  and  co-routines.  Variants  of  these  examples 
will  reappear  in  the  Rum  context  where  their  mathematical  properties  are  stud¬ 
ied.  This  section  concludes  with  a  discussion  of  choices  for  representation  of  the 
computation  state  in  some  dialects  of  Lisp.  Consequences  of  these  choices  related 
to  the  computation  primitives  provided  and  the  limitations  imposed  are  pointed 
out.  This  is  to  emphasize  that  a  fuller  mathematical  understanding  of  the  basic 
computation  structures  and  of  the  underlying  model  of  computation  can  be  of 
value  in  making  decisions  about  the  design  and  implementation  of  a  programming 
system. 
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In  §3  we  look  at  work  involving  operations  on  programs.  This  work  plays  an 
important  role  in  the  development  of  programming  tools,  compilers,  and  program¬ 
ming  systems.  A  brief  summary  of  a  variety  of  operations  on  programs  is  given. 
Then  the  basic  ideas  underlying  systems  of  program  improving  transformations 
(Burstall  and  Darlington  [1976,  1977],  Scherlis  [1980])  are  outlined.  Examples 
are  given  illustrating  the  use  of  program  transformations  for  improving  programs 
and  for  analyzing  improvements  by  transforming  a  program  into  a  derived  program 
which  computes  properties  of  the  computations  described  by  the  original  program. 
This  work  is  the  starting  point  for  work  on  transformations  in  Rum.  The  examples 
illustrate  basic  concepts  to  be  generalized  to  our  richer  computational  model. 

§4  concerns  interpretations  and  uses  of  a  simple  lambda-calculus-like  language 
AE.  Many  of  the  basic  ideas  underlying  the  Rum  model  of  computation  are  pre¬ 
sented  in  this  section.  We  begin  with  an  interpretation  of  expressions  of  AE  given 
by  an  abstract  machine  (SECD)  for  mechanical  evaluation  of  expressions.  Ex¬ 
tension  of  AE  to  lAE  by  the  addition  of  imperative  constructs  and  use  of  lAE 
as  a  tool  for  semantics  and  language  design  is  also  discussed.  This  is  based  on 
ideas  of  Landin  [1964,  1965,  1966].  Next  a  call-by- value  variant  of  the  lambda 
calculus  due  to  Plotkin  [1975]  is  described.  Notions  of  value  and  evaluation  are 
compared  to  those  of  normal  form  and  reduction;  and  operational  equivalence,  a 
natural  equivalence  relation  on  expressions  based  on  evaluation,  is  compared  to 
lambda  equivalence.  Further  insights  concerning  application  and  abstraction  as 
programming  tools  are  obtained  by  examining  the  use  of  AE  to  define  semantic 
meaning  functions  for  general  programming  languages.  The  key  ideas  are  due 
to  Morris  and  Wadsworth  (see  Reynolds  [1972]).  A  series  of  interpreters  defined 
by  AE  programs  is  discussed.  These  illustrate  the  options  for  control  structure 
in  an  interpreter;  for  representation  of  objects  in  the  semantic  domain;  and  how 
these  choices  affect  the  relation  of  the  semantics  of  the  defined  language  to  that  of 
the  defining  language.  Of  particular  interest  is  the  notion  of  continuation-passing 
style  and  the  existence  of  machine-like  fragments  in  AE.  Interpreters  written  in 
this  fragment  are  “absolute”  in  the  sense  that  the  functions  defined  by  programs 
of  the  defined  language  are  independent  of  the  choice  of  evaluation  rule  for  the 
defining  language.  The  main  features  of  continuation-passing  are  summarized  and 
some  additional  work  based  on  transformations  into  this  fragment  is  discussed. 

In  §5  we  review  work  in  logic  related  to  the  construction  and  analysis  of  ap¬ 
plicative  structures  sufficiently  rich  to  serve  as  models  of  lambda  calculus  laws  for 
application  and  abstraction.  Of  particular  interest  are  theorems  expressing  key 
closure  conditions  satisfied  by  classes  of  functions  or  computations;  methods  for 
constructing  applicative  structures  uniformly  from  given  abstract  structures;  and 
theorems  identifying  incompatible  sets  of  requirements  for  applicative  structures. 
We  begin  with  a  discussion  of  the  basic  goals  of  recursion  theory.  Notions  of  a 
recursion  theory  (closure  conditions  for  classes  of  functions)  and  of  o  computation 
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theory  (closure  conditions  for  classes  of  computations)  are  introduced  as  a  context 
for  presenting  versions  of  the  key  theorems  —  the  theorem,  the  recursion  theo¬ 
rem  and  the  normal  form  theorem.  Three  constructions  of  applicative  structures 
are  presented:  recursion  on  abstract  structures  (Moschovakis  [1969]);  extensional 
models  of  the  lambda  calculus  (Scott  [1976]);  and  theories  of  partial  operations 
and  classes  (Feferman  [1975]).  Each  construction  yields  a  model  satisfying  the 
conditions  for  a  recursion  theory.  The  Moschovakis  construction  is  a  paradigm 
for  constructing  computation  theories.  Scott  models  provide  independent  mathe¬ 
matical  constructions  of  models  of  the  lambda  calculus  as  a  language  for  defining 
functions.  The  rich  equational  theory  of  these  models  has  served  as  a  paradigm  for 
the  study  of  equations  in  JSum.  Feferman ’s  work  illustrates  a  method  of  extend¬ 
ing  theories  of  structures  (classes  of  abstract  structures)  to  intensional  theories  of 
partial  function  on  these  structures.  The  extended  theories  are  inconsistent  with 
extensionality.  The  proof  of  this  fact  identifies  an  important  collection  of  incom¬ 
patible  requirements  and  suggests  that  testing  for  equality  on  the  full  computation 
domain  is  what  must  be  given  up  in  order  to  have  computationly  meaningful  in- 
tensionality  which  is  consistent  with  extensionality. 

In  §6  the  goals  of  2um  are  explained  and  we  indicate  how  ^um  extends  and 
builds  on  the  work  summarized  in  this  chapter. 

For  this  chapter  we  assume  that  the  reader  is  familiar  with  the  basic  notation 
and  notions  of  the  lambda  calculus.  We  use  the  terms  “extensional”  and  “inten- 
sional”  to  distinguish  between  the  “what”  and  the  “how” .  For  example  extensional 
properties  of  programs  axe  determined  by  what  values  are  returned,  while  inten¬ 
sional  properties  depend  on  how  the  value  is  computed.  In  this  framework  we 
can  speak  of  extensional  properties  of  control  abstractions  as  well  as  of  functional 
abstractions.  We  caution  the  reader  that  we  will  use  the  term  “function”  both  in 
the  constructive  or  intensional  sense  as  a  rule  for  computing  a  value  and  in  the  set 
theoretic  or  extensional  sense  as  a  graph  or  set  of  pairs.  Context  should  make  the 
intended  sense  clear.  We  use  the  term  “conditional”  to  refer  to  if-then-else  type 
computation  primitives  which  express  conditional  evaluation  based  on  the  value 
of  a  test  subcomputation. 

The  references  given  are  intended  to  provide  useful  pointers  to  key  original 
papers  and  to  surveys  or  texts  where  available.  They  are  not  intended  as  a  com¬ 
prehensive  bibliography  in  any  of  the  areas  encompassed. 
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1.1.  About  symbolic  computation 

1.1.1.  Symbolic  expressions  and  first-order  Lisp 

Practical  symbolic  computation  has  its  origin  in  the  work  of  McCarthy.  The 
basic  ideas  are  presented  in  McCarthy  [1960],  which  is  the  beginning  of  the  lan¬ 
guage  Lisp.  Computation  is  described  by  symbolic  expressions  using  recursion 
and  conditional  evaluation.  The  data  domain  is  the  S-expression  domain  which  is 
generated  by  a  pairing  operation  from  a  set  of  atomic  objects  including  symbols 
and  numbers.  Lists  are  those  S-expressions  built  from  the  empty  list  by  pairing  an 
arbitrary  S-expression  with  a  list.  There  is  a  special  atom  NIL  that  represents  the 
empty  list.  Programs  are  naturally  represented  as  lists  and  interpretations  of  the 
variable  symbols  occurring  free  are  represented  by  a-ltsts  (association  lists).  An 
a-list  is  a  list  of  pairs  interpreted  as  associating  the  first  element  of  each  pair  with 
the  second.  The  value  of  an  expression  e  relative  to  an  interpretation  of  its  free 
variables  a  is  defined  by  a  computable  function  on  S-expressions  eval{e,a).  This 
function  was  later  implemented  zis  a  Lisp  interpreter  (McCarthy  et.  al.  [1962]). 

As  an  example,  the  function  that  computes  the  product  of  the  atoms  of  an 
S-expression,  using  an  a-list  to  interpret  symbols  is  given  by  the  recursive  definition 

prod(x,a)  *— \f[atom{x), 
aval{x,  a), 

prod  [ear  {x),  a)  *  prod(cdr(x),  a)) 

where  atom  tests  for  atomic  expressions,  cor  and  cdr  select  the  first  and  second 
components  of  a  pair,  aval{x,a)  is  the  value  associated  with  the  atom  x  by  the 
a-list  o.  This  definition  is  represented  in  (Common)  Lisp  by  the  S-expression 

(DEFUN  PROD  (X  A) 

(IF  (ATOM  X) 

(AVAL  X  A) 

(♦  (PROD  (CAR  X)  A) (PROD  (CDR  X)  A)))). 

S-expressions  were  designed  as  a  representation  of  symbolic  information  that 
is  easy  to  read,  print,  and  operate  on.  Some  examples  of  symbolic  information  are 
programs,  mathematical  expressions,  logical  formulae,  rules  of  inference,  schedules, 
and  inventories. 

It  is  important  to  note  that  even  in  full  Lisp,  the  S-expression  domain  is 
treated  as  an  “abstract  structure”  with  primitive  operations  for  creating  objects, 
selecting  and  updating  components  of  composite  objects,  testing  for  the  identity 
of  two  objects  and  recognizing  the  different  sorts  of  objects.  By  abstract  structure 
here  we  mean  that  data  objects  are  treated  uniformly  and  can  be  part  of  argument 
lists,  bound  in  environments  and  returned  as  values.  The  size  of  an  object  is  only 
of  concern  when  it  is  necessary  to  process  each  sub-object. 
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’  ^  Basis  for  a  mathematical  theory  of  computation 

McCarthy  (1963a, b]  introduces  the  notion  of  a  mathematical  theory  of  com¬ 
putation.  As  this  work  is  the  starting  point  for  much  of  the  work  in  Zum,  we 
summarize  the  main  ideas  below. 

McCarthy  [1963b]  sets  forth  goals  for  a  mathematical  theory  of  computation, 
presents  several  formalisms  for  describing  computations,  and  gives  some  mathe¬ 
matical  properties  of  the  formalisms  as  steps  towards  achieving  these  goals.  Mc¬ 
Carthy’s  goals  are  still  very  relevant  and  Me  closely  related  to  the  goals  of  kum. 
They  are  (in  abbreviated  form) 

1.  To  develop  a  universal  programming  language. 

2.  To  define  a  theory  of  equivalence  of  computation  processes.  This  would  be 
the  basis  for  a  theory  of  equivalence  preserving  transformations. 

3.  To  represent  algorithms  by  symbolic  expressions  in  such  a  way  that  significant 
changes  in  the  behavior  represented  by  the  algorithms  are  represented  by 
simple  changes  in  the  symbolic  expressions. 

4.  To  represent  computers  as  well  as  computations  in  a  formalism  that  permits 
a  treatment  of  the  relation  between  a  computation  and  the  computer  that 
carries  out  the  computation. 

5.  To  give  a  quantitative  theory  of  computation.  For  example  to  find  a  quanti¬ 
tative  measure  of  the  size  of  a  computation  analogous  to  Shannon’s  measure 
of  information. 

The  key  formalism  given  by  McCairthy  for  describing  computations  is  the 
definition  of  a  class  of  computable  functions  over  a  given  data  domain  and  a  given 
set  of  operations  on  that  domain  by  systems  of  recursion  equations.  A  system  of 
recursion  equations  has  the  form 

/i(xi,...,a;ni)  ^  Cl 

fk  1  >  •  •  •  > 

where  for  1  <  j  <  k,  fj  is  a.  function  symbol  of  arity  ny  and  ey  is  an  expression 
built  from  the  variables  ®i, . . . ,  Xn,- ,  constants  for  data  and  given  operations,  and 
the  symbols  /t,  1  <  *  <  k,  using  application  and  conditional  (if-then-else).  {•«—  j) 
is  the  defining  equation  for  /y  and  the  definitions  are  used  recursively  to  compute 
the  value  of  any  such  expression  relative  to  an  assignment  of  values  in  the  data 
domain  to  the  variable  symbols  of  the  expression.  The  value  of  an  if-then-else 
expression  is  computed  by  computing  the  value  of  the  if  subexpression.  If  the 


(-  1) 
(-  k) 
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result  is  true  the  then  subexpression  is  evaluated  otherwise  the  else  subexpression 
is  evaluated.  In  either  case  the  other  branch  subexpression  is  not  evaluated.  Values 
of  argument  expressions  must  be  computed  before  a  given  or  defined  function  can 
be  applied.  Defined  functions  are  applied  by  evaluating  the  right-hand  side  of 
the  defining  equation  where  the  values  of  the  argument  expressions  are  assigned 
to  the  variables  of  the  left-hand  side.  This  formalism  provides  an  interpretation 
of  systems  of  recursion  equations  both  as  rules  of  computation  and  as  partial 
functions.  Thus  it  provides  an  interpretation  of  pure  Lisp-like  programs  as  partial 
functions. 

Two  key  mathematical  results  given  by  McCarthy,  about  the  above  formalism 
for  describing  computation,  are: 

•  a  notion  of  equivalence  for  conditional  expressions  and  axioms  and  rules  suf¬ 
ficient  for  transforming  an  expression  to  any  equivalent  expression 

•  The  principle  of  recursion  induction  for  proving  equations  involving  recur¬ 
sively  defined  functions  -  let  /  be  a  recursively  defined  function  and  let  g  any 
function  with  the  same  domain  of  definition  as  /  which  satisfies  the  defining 
equation  for  /.  Then  g  and  /  are  the  same  partial  function. 

A  further  importEuxt  idea,  introduced  in  McCarthy  [1963a]  is  abstract  syntax. 
The  abstract  syntax  of  a  language  specifies  the  set  of  expressions  and  operations 
for  synthesis  and  analysis  abstractly,  independent  of  any  notation.  It  is  defined  by 
giving  a  signature  and  axioms.  The  signature  consists  of  names  for  constructors 
of  expressions  (the  synthetic  part),  and  for  operations  recognizing  the  various 
constructions  and  selecting  components  (the  analytic  part).  The  axioms  specify 
the  relations  among  the  constructors,  selectors  and  recognizers. 

Remarks 

•  The  interpretation  of  systems  of  recursions  equations  as  rules  is  used  as  a 
basis  for  operational  reasoning  about  properties  of  the  partial  functions  computed. 
Recursion  induction  is  an  example.  This  interpretation  is  not  developed  to  provide 
a  basis  for  representing  and  proving  intensional  properties. 

•  The  functions  computed  by  a  system  of  recursion  equations  are  the  least  fixed 
points  of  the  corresponding  system  of  functionals  <ri . . .  Tjk>  where 

T\  A(yi  .  .  .  /fc)^(^l  >  •  •  •  5  ®ni  )®1 
Tk  —  A(/i  ...  /fc)  A(li ,  •  •  .  ,  )®fc* 

This  is  a  form  of  inductive  definition  of  partial  functions.  The  principle  of  recur¬ 
sion  induction  is  a  consequence  of  the  minimality  of  the  defined  functions.  (See 
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Moschovakis  [1975]  for  a  general  treatment  of  partial  functions  defined  by  such 
systems  of  functionals.) 

•  A  modern  version  of  abstract  syntax  is  the  notion  of  initial  algebra  (Goguen 
and  Meseguer  [1983])  extended  by  operations  for  recognizing  and  selecting. 


1.2.  Programming  examples 

Early  work  on  the  lambda  calculus  (Kleene  [1936a],  Church  [1941])  established 
the  expressive  power  of  abstraction  and  application,  interpreted  using  lambda  re¬ 
duction  rules,  for  defining  functions.  Central  in  this  work  was  the  use  of  functions 
as  values  to  represent  definition  mechanisms  such  as  recursion,  iteration,  and  min¬ 
imization,  and  to  represent  structured  objects  such  as  tuples.  Early  examples  of 
programming  using  function  and  control  abstractions  are  given  in  Burstall  [1968] 
and  Burge  [1971].  Many  more  examples  can  be  found  in  Sussman  and  Steele  [1975], 
Friedman  et.  al.  [1984],  and  Abelson  and  Sussman  [1985].  The  examples  in  this 
section  illustrate  some  of  the  key  features  of  such  programs. 

1.2.1.  Notation 

S-expressions  will  be  used  as  the  data  domain  for  examples  in  this  chapter,  x, 
y,  z,  .. .  range  over  S-expressions  and  we  use  standard  notation  for  numbers  and 
arithmetic  expressions.  S-expression  symbol  constants  are  upper  case  identifiers  in 
THIS  FONT,  for  example  NIL,  A,  B,  and  CAR  denote  symbolic  atoms.  We  use  x  •  y  as 
infix  notation  for  the  pairing  operation  cons{x,y),  <yi,. . .  ,yn>  for  the  multi-ary 
list  forming  operation,  and  xoy  as  infix  notation  for  append  (list  concatenation). 
Thus  B  •  NIL  and  <B>  are  expressions  denoting  the  list  with  a  single  element  B  and 
«B>>  is  a  list  with  one  element,  the  list  <B>,  which  in  turn  has  one  element,  the 
symbol  B.  Using  the  associativity  of  append  and  letting  •  associate  to  the  right  we 
have 


<A,  «B»,  C>  =  A  •  ((B  •  NIL)  •  NIL)  •  C  •  NIL  =  <A>  o  «<B»>  o  <C>. 

In  some  of  the  examples  we  also  use  the  traditional  Lisp  notation  for  list  con¬ 
stants  as  illustrated  by  the  S-expression  representation  of  the  prod  program  above. 
In  general,  ()  represents  the  empty  list.  ((B))  =  «B»  and  <A,  <<B>>,C>  = 
(A  ((B))  C).  Use  of  Lisp  list  notation  for  list  constants  in  mathematical  expres¬ 
sions  may  lead  to  confusion  since  parentheses  might  be  merely  grouping  symbols 
or  they  might  denote  a  level  of  list  formation.  We  will  use  the  Lisp  notation  only 
where  such  confusion  can  not  arise. 

Finite  sequences  of  elements  a-,  are  written  [ao,...Oii].  o  is  the  empty  se¬ 
quence.  [ujw]  is  the  concatenation  of  sequences  u  and  u.  Individual  elements  are 
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also  treated  as  sequences  of  one  element.  For  conditional  expressions,  we  write 
if(co,ei,C2)  rather  than  if  cq  then  ei  else  62. 

We  use  lambda  notation  for  function  expressions.  For  example,  A (2) A  is  the 
constant  function  with  value  A  and  A(x,  y)x(y)  is  a  function  of  two  arguments  that 
applies  its  first  argument  to  its  second  argument.  Braces  are  often  used  to  enclose 
complex  expressions  in  function  positions  to  improve  readability.  Thus  co  applied 
to  Cl  may  be  written  {eo}(ei)  and  we  have 

{A(x,y)x(y)}(car,(A  B))  =  A. 

We  will  have  occasion  to  use  two  notions  of  substitution  of  one  expression  into 
another.  c|®j  denotes  the  result  of  substituting  ci  for  free  occurrences  of  x  in 
e,  renaming  bound  variables  of  c  if  necessary  to  avoid  trapping  free  variables  of 
Cl.  This  is  the  usual  logical  notion  of  substitution.  The  other  notion  is  that  of 
placing  an  expression  into  an  expression  context.  An  expression  context  is  an 
expression  c  with  a  hole  to  be  filled  (written  c{. . .}).  e{co}  is  the  result  of  putting 
the  expression  cq  in  the  hole,  without  any  renaming  of  bound  variables  in  e.  (This 
is  a  second  use  of  braces,  but  should  cause  no  confusion.)  One  can  think  of  an 
expression  context  as  an  expression  containing  a  free  occurrence  of  a  distinguished 
variable  symbol  marking  the  hole. 

For  expressions  that  may  not  have  a  value  we  write  cq  ~  ci  to  mean  that 
either  both  cq  and  ci  are  undefined  or  both  are  defined  with  the  same  value.  In 
case  both  expressions  are  known  to  be  defined  we  may  write  co  =  Ci. 

1.2.2.  Mapping  functionals 

A  common  operation  in  symbolic  computation  is  to  “map”  through  a  list  or 
tree  structure,  applying  a  given  function  at  each  point  and  collecting  the  results 
using  an  operation  such  as  cons  to  collect  into  a  list  or  +  to  collect  into  a  number. 
Such  functionals  are  given  by  special  kinds  of  schemes  for  recursion  on  the  ar¬ 
gument  structure  and  are  implemented  by  programs  traditionally  called  mapping 
functions  in  Lisp.  For  example  mapcar  takes  a  function  and  a  list  as  arguments, 
applies  the  function  to  each  element  of  the  list,  and  returns  a  list  of  the  results. 
Thus  if  tack  is  defined  by 

tack[x,y)  <—  mapcar {X{z) cons {x,  z)  ,y) 


then 

tack{xy<. . ,  ,yi,. .  .>)  ~  <...,(x  •  y, •),...> 


i.e.  the  S-expression  x  is  tacked  to  each  member  of  the  list  y.  Mapping  functions 
are  distributive  functionals  -  the  mapping  operation  distributes  over  suitable  op¬ 
erations  on  the  recursion  argument.  They  satisfy  a  rich  collection  of  algebraic 
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Irws  derived  from  laws  for  operations  on  the  argument  and  value  structures.  For 
example  for  lists  y,  z 


tack{x,y  o  z)  =  tack[x,y)  otack{x,z). 

1.2.3.  Escape  mechanisms 

Escape  mechanisms  are  important  programming  tools.  Error  handling  is 
based  on  such  mechanisms.  They  also  provide  a  way  of  pruning  unnecessary 
computation  and  allow  certain  computations  to  be  expressed  by  more  compact 
and  conceptually  manageable  programs.  The  idea  is  to  mark  a  given  point  in  a 
computation  and  to  be  able  to  continue  from  that  point  when  special  conditions 
arise  in  the  course  of  a  computation  rather  than  continuing  in  the  normal  way.  For 
example  suppose  p  computes  a  predicate  on  S-expressions.  We  would  like  to  search 
an  S-expression  for  a  subexpression  satisfying  the  predicate  and  to  terminate  the 
search  as  soon  as  such  a  subexpression  is  found.  If  no  such  subexpression  is  found, 
NIL  is  returned,  find  carries  out  such  a  search. 

find{x,p)  *—  catch(TAG,/mdtt(x,p)) 
findit{xyp)  •«—  if(p(x), 

throw  (TAG,  x) 
if(atom(x), 

NIL, 

progn[/ indit{car{x) ,  p) , 

/tndit(cc{r(x),p)])), 

catch,  throw,  and  progn  are  traditional  Lisp  names  for  program  constructs, 
catch  (TAG,  Co)  is  used  to  mark  the  point  at  which  computation  of  cq  begins  with 
the  symbol  TAG.  If  during  the  evaluation  of  Co  an  expression  throw  (TAG,  ci)  is 
executed  then  ci  is  evaluated  and  the  value  of  ci  is  returned  as  the  value  of  the 
catch  expression.  That  is,  computation  resumes  at  the  point  marked  by  TAG 
returning  the  value  of  Ci.  If  the  evaluation  of  co  returns  a  value  normally  then 
that  value  is  returned  by  the  catch  expression,  progn  evaluates  a  sequence  of 
expressions  and  returns  the  value  of  the  last  one. 

1.2.4.  Structured  data  represented  as  functions 

The  representation  of  structured  objects  as  functions  provides  a  uniform  mech¬ 
anism  for  data  representation  in  terms  of  well  understood  concepts  of  function 
application  and  abstraction.  These  ideas  go  back  to  early  work  in  the  lambda 
calculus  (Kleene  [1936],  Church  [1941])  and  were  proposed  in  the  context  of  pro¬ 
gramming  by  Reynolds  [1970].  We  will  illustrate  two  representations  of  a  pairing 
structure.  The  basic  ideas  generalize  to  a  wide  class  of  abstract  data  structures. 
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Icons,  lcar,lcdr  correspond  to  the  usual  representation  of  a  pairing  structure 
in  the  lambda  calculus. 

Icons  •«—  \{x,y)\{z)z[x,y) 
tear  +-  \{z)z{\{x,y)x) 

Icdr  A{z)z(A(x,y)j/) 

Thinking  of  these  as  definitions  in  lambda  calculus  Icons,  Icar,  Icdr  obey  the  usual 
the  pairing  laws.  For  example, 

lcar{lcons{x,y))  =  {\[z)z[x,y)}\[x,y)x  =  {A(x,y)x}{x,y)  =  x. 

Thinking  of  the  above  definitions  as  defining  objects,  /cons (A,  D)  is  an  object  which 
associates  A  with  x  and  D  with  y  and  we  have 

/car{/con5(A,D))  A 

ocons,  ocar,  osetcar,  opairp  represent  (part  of)  a  pairing  structure  in  the  object 
oriented  style  of  programming  k  la  Small-talk  (Goldberg  and  Robson  [1983])  or 
Actors  (Hewitt  [1977]).  In  this  style,  objects  contain  the  information  about  the 
operations  that  can  be  applied  and  are  sent  messages  naming  the  operation  to  be 
carried  out.  An  object  also  may  have  an  internal  state  which  can  be  updated  by 
the  object.  In  particular,  the  object  oriented  representation  extends  the  notion  of 
pairing  structure  to  include  updating  operations. 

ocons  ■*—  A(x,  y)A(ms(7)if(ms(7  =  PAIR?),! 

if  (msy  =  INTEGER?),  NIL 

if  (msy  =  CAR),x 

if(ms<7  =  CDR),  y 

if(msy  =  SETCAR),A(r)[x  ^  z], 

if (msy  =  SETCDR),  A(i:)[y  *-  z\, 

))))))...) 

opairp  *—  A(2)[z(PAIR?)] 

ocar  *—  A(z)[z(CAR)] 

osetcar  <—  A(z,x){z(SETCAR)}(x) 

ocons  creates  pairs,  ocar  gets  the  first  component,  osetcar  sets  the  first  component, 
and  opairp  tests  for  pairs  (among  a  collection  of  similarly  represented  data  types) . 
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xccuting  ocons(A,D)  creates  an  object  p  which  has  internal  state  associating  A  to 
v.c  D  to  y.  Executing  ocar[p)  causes  p  to  be  applied  to  CAR  (in  object  jargon,  the 
message  CAR  is  sent  to  p).  p  responds  by  returning  the  value  currently  associated 
to  X.  If  no  updating  messages  have  been  received  by  p  since  its  creation,  then  p 
will  respond  to  the  message  CAR  with  A.  osetcar{p,  B)  sends  p  the  message  SETCAR. 
p  responds  with  a  function  object  q  with  access  to  the  internal  state  of  p.  When  q 
is  applied  to  an  argument,  p’s  internal  store  is  updated  to  associate  that  argument 
to  X.  Thus  if  osetcar{p,B)  is  executed  then  p  will  respond  to  the  message  CAR 
with  B.  p  will  always  respond  to  the  PAIR?  message  with  T,  and  to  the  INTEGER? 
message  with  NIL. 

1.2.5.  Streams 

Streams  are  a  means  of  presenting  elements  of  a  possibly  infinite  sequence. 
The  elements  are  accessed  sequentially  by  request  for  the  next  element.  A  stream 
may  be  implemented  to  generate  the  next  element  when  requested  rather  than  in 
advance.  Typically  a  stream  s  is  a  O-axy  function-like  object  with  internal  state. 
Request  for  the  next  element  is  application  to  the  empty  argument  list,  5().  The 
source  of  stream  elements  and  whether  or  not  they  are  computed  in  advance  or 
upon  request  is  invisible  to  the  user  of  the  stream. 

Streams  are  an  important  tool  for  input  and  output.  Character  streams  are 
a  typical  example.  If  a  reader  or  parser  has  a  character  stream  as  a  parameter, 
then  the  same  program  can  be  used  to  read  from  a  file,  a  tape,  an  array,  a  list, 
or  a  terminal  by  constructing  the  appropriate  stream.  For  example,  the  program 
record.to.char  is  a  character  stream  that  provides  an  interface  to  an  input  device 
that  produces  80  character  records.  The  device  could  be  a  card  reader,  a  disk 
file,  a  terminal,  etc.  The  statement  8tream{o[l  :  80], n  •«-  80}  says  that  what  is 
created  is  a  stream  object  with  internal  store  a,  n.  a  is  a  tuple  of  length  80  and  n 
is  a  number,  initially  80.  Executing  o  read.record{)  reads  the  next  record  from 
the  device  into  the  tuple  o.  nth{a,n)  is  the  n-th  element  of  a. 

record.to.char  ^8tream{a[l  :  80],n  80} 

if  (n  <  80, 

progn[n  n  +  1, 
n<h(a,n)], 

progn[a  read.record{), 
n  *—  1, 
nth{a,n)]) 

At  any  stage  in  processing  input  from  the  device,  the  internal  state  of  record.to.char 
is  such  that  a  contains  the  current  record  and  n  indexes  the  last  character  read. 


§1.2 


Programming  examples 


19 


When  n  <  80  the  next  character  is  the  n  +  1-st  element  of  a.  When  n  >  80  the 
next  character  is  the  first  character  of  the  next  record. 

Another  use  of  streams  is  to  iterate  along  a  sequence  of  items  given  by  a 
sequence  of  expressions,  where  the  expressions  are  not  to  be  evaluated  until  needed. 
This  idea  was  introduced  by  Laudin  [1965]  to  interpret  certain  iteration  constructs 
of  Algol60. 

1.2.6.  Co-routines 

Another  useful  control  mechanism  is  co-routines.  The  idea  was  originally  pre¬ 
sented  in  Conway  [1963]  as  a  means  of  separating  a  complex  compiling  program 
into  a  number  of  small  independent  procedures.  Each  procedure  is  a  co-routine 
responsible  for  some  phase  in  the  transformation  of  a  source  program  represented 
as  a  sequence  of  characters  through  various  intermediate  stages  to  the  final  stage 
-  the  compiled  code.  In  a  system  of  co-routines  control  is  transferred  from  one  co¬ 
routine  to  another  by  resuming  rather  than  calling.  When  one  co-routine  resumes 
another,  it  remembers  the  point  where  it  left  off  and  begins  at  that  point  when 
control  is  transferred  back  to  it,  i.e.  when  it  is  resumed  by  a  partner  co-routine. 
The  classical  example  (given  by  Conway)  is  squasher  which  transforms  a  stream 
of  characters  by  “squashing”  adjacent  pairs  of  *  characters  (Fortran  for  exponent) 
to  a  single  f  character  (Algol  for  exponent).  The  statement  co-routine{rr,  y} 
expresses  that  squasher  is  a  co-routine  with  internal  state  components  named  by 
X,  y.  There  is  also  an  unnamed  component  of  the  internal  state  for  remembering 
where  to  resume.  The  body  of  squasher  is  a  sequence  of  instructions.  The  instruc¬ 
tion  X  ■«—  readchQ  assigns  to  x  the  next  character  from  the  input.  ifeq(cojCi);  e 
executes  e  only  if  Cq  and  ei  have  the  same  value,  user  is  the  partner  co-routine. 
Each  time  user  wants  another  character  it  resumes  squasher  and  will  be  resumed 
by  squasher  when  the  next  character  is  determined. 

squasher  co-routine{x,  y} 

SQ  :  I  *—  readchQ 

50  :  ifeq(z,  *);  goto  Si 

re8ume(u5er,  x) 
goto  SQ 

51  :  y  readchQ 

ifeq(y,*);goto  S3 
resume(uscr,  x) 
resunie(user,  y) 
goto  SQ 

S3:  resume(u5er, I) 
goto  SQ 
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Initially  sguasher  resumes  at  the  instruction  labeled  SQ  and  x  is  assigned  the  next 
character  from  the  input.  If  x  7^  *  then  user  is  resumed  passing  it  x  and  when 
sguasher  is  next  resumed  the  goto  SQ  instruction  will  be  executed.  If  i  =  *  then 
y  is  assigned  the  next  character.  If  y  ^  *  then  user  is  resumed  with  x  and  when 
sguasher  is  next  resumed  it  will  execute  the  resume(u5er,y)  instruction.  If  y  =  * 
then  user  is  resumed  with  |  and  when  sguasher  is  next  resumed  the  goto  SQ 
instruction  will  be  executed. 

1.2.7.  Features  of  Lisp  systems 

Lisp  systems  are  a  means  for  interactively  developing  programming  tools, 
building  data  structures,  and  for  carrying  out  computations  using  the  tools  devel¬ 
oped.  A  Lisp  system  has  internal  state  that  assigns  values  and  other  information 
to  symbols.  Interaction  is  carried  out  by  evaluating  symbolic  expressions.  The 
values  assigned  by  the  internal  state  provide  the  initial  evaluation  environment. 
Evaluation  may  simply  return  a  value  (ainswer  a  question).  It  may  also  modify 
the  internal  state  by  adding  to  or  updating  the  information  stored  there.  At  any 
point  in  the  process  of  evaluation  there  are  three  key  components  of  the  com¬ 
putation  state:  the  expression  currently  being  evaluated,  the  current  evaluation 
environment,  and  the  evaluation  context  for  the  current  expression  -  what  is  to 
be  done  with  its  value.  We  now  examine  implementation  of  these  features  in  more 
detail  for  several  Lisp  systems.  We  will  indicate,  for  some  of  the  computations  dis¬ 
cussed  above,  how  they  can  be  represented  in  these  systems  or  why  they  cannot 
be  represented  (directly). 

Lisp  1.5 

In  Lisp  1.5  (McCarthy  et.  al.  [1962])  environments  were  represented  by  a-lists 
as  in  McCarthy’s  original  description  of  Lisp.  Lambda  expressions  could  appeeir  in 
the  function  position  of  an  expression.  In  such  cases  they  were  not  evaluated,  but 
served  as  a  way  of  temporarily  naming  the  values  of  argument  expressions.  The 
function  construct  was  introduced  to  provide  a  means  of  lexically  fixing  the  values 
of  the  free  variables  of  lambda  expressions  used  as  functional  arguments.  The  value 
of  function(A(x)c)  is  a  funarg  object  containing  the  lambda  expression  and  the 
current  environment.  When  a  funarg  is  applied,  the  environment  component  is 
used  to  interpret  the  free  variables  of  the  lambda  expression.  Funargs  were  first 
class  objects  and  provided  a  means  of  returning  functions  as  values.  For  example, 
in  Lisp  1.5  the  definition  of  Icons  is  written 

Icons  •«—  A(x,y)function(A(z)z(x, y)). 

However,  not  much  use  was  made  of  this  feature  of  Lisp  1.5. 
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Error  trapping  mechanisms  were  provided  in  Lisp  1.5  in  order  to  give  system 
builders  control  over  what  happened  when  an  error  occurred.  These  primitives 
were  discovered  to  be  useful  for  programming  more  general  escape  mechanisms 
such  as  the  findit  example.  To  escape  with  a  value  using  the  error  mechanism, 
it  was  necessary  to  use  side  effects  -  for  example  setting  the  value  of  some  global 
parameter. 

Maclisp 

In  Maclisp  (Pitman  [1983])  the  computation  state  is  a  stack  structure.  A 
function  call  pushes  control  and  variable  binding  information  on  the  stack.  When 
a  value  is  returned  this  information  is  popped  (deleted)  from  the  stack  and  used 
to  resume  computation  in  the  calling  context.  Maclisp  provides  funargs,  but  the 
environment  component  of  a  funarg  object  in  Maclisp  is  a  “binding  pointer”  that 
refers  to  the  stack  position  where  the  binding  information  is  stored.  This  creates 
what  is  called  the  “funarg  problem”  (Moses,  [1970]),  although  in  fact  it  is  the 
“funval  problem” .  The  problem  is  that  a  funarg  is  not  an  object  with  an  indepen¬ 
dent  existence.  It  is  only  meaningful  to  apply  it  within  the  dynamic  scope  of  the 
environment  (function  call)  in  which  it  was  created.  After  the  computation  control 
exits  that  scope  the  binding  pointer  of  a  funarg  no  longer  refers  to  the  intended 
variable  bindings.  Thus  funargs  can  not  be  used  in  Maclisp  to  implement  Icons  or 
ocons. 

In  order  to  separate  program  control  mechanisms  from  error  mechanisms, 
catch  and  throw  primitives  were  introduced  in  Maclisp.  The  primitives  used 
in  the  findit  program  above  are  based  on  the  Maclisp  primitives.  In  the  simple 
case,  the  catch  tag  parameter  is  used  to  mark  the  control  stack  and  the  throw  tag 
parameter  is  used  to  determine  the  point  where  the  computation  is  to  be  continued 
by  searching  the  control  stack  for  the  matching  mark.  Like  funargs,  catch  tags 
are  only  meaningful  with  in  the  dynamic  scope  of  their  defining  context,  and  a 
catch  tag  cannot  be  thrown  to  after  popping  the  control  stack  beyond  the  point 
where  the  tag  was  defined.  Thus  catch  and  throw  are  not  adequate  to  implement 
co-routines. 

Interlisp  spaghetti 

In  Interlisp,  data  structures  called  environment  descriptors  are  used  to  repre¬ 
sent  the  state  of  a  computation  (Bobrow  and  Wegbreit  [1973]).  These  structures 
are  implemented  as  stack-like  objects  called  “spaghetti  stacks”  which  contain  ad¬ 
ditional  linkages  between  stack  positions  and  elements  of  the  stack.  [Pointer  di¬ 
agrams  for  these  structures  look  rather  like  spaghetti.]  Environment  descriptors 
are  first  class  objects  which  may  be  assigned  to  variables,  passed  as  arguments  and 
returned  as  values.  There  are  operations  for  creating  and  updating  environment 
descriptors  and  for  selection  of  control  and  variable  binding  components  of  envi¬ 
ronment  descriptors.  Environment  descriptors  can  be  used  to  implement  function 
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aV.’stractions  such  as  funaxgs  and  control  abstractions  such  as  catch  and  throw, 
and  co-routines. 

Scheme 

Scheme  (Sussman  and  Steele  [1975])  is  the  first  dialect  of  Lisp  to  take  abstrac¬ 
tion  and  application  seriously.  The  main  components  of  a  Scheme  computation 
state  are  an  expression,  an  environment  and  a  continuation.  A  continuation  is  a 
function  of  one  argument  representing  the  calling  context  for  the  expression  com¬ 
ponent.  The  function  position  of  an  application  is  evaluated  as  any  other  subex¬ 
pression.  The  value  of  a  lambda-expression  is  a  closure  containing  the  expression 
and  the  evaluation  environment  (Scheme  closures  behave  like  funargs  of  Lisp  1.5). 
The  catch  construct  of  Scheme  generalizes  that  of  Maclisp  by  binding  the  cur¬ 
rent  continuation  to  a  variable  rather  than  putting  a  mark  in  the  continuation. 
Closures  and  continuations  are  first  class  objects  and  give  much  of  the  capability 
of  Interlisp  environment  descriptors.  The  Scheme  model  of  computation  derives 
from  work  of  Landin  (see  §4). 

In  addition  to  Lisp  dialects,  a  number  of  other  programming  systems  provide 
higher  level  abstractions.  Of  principal  interest  to  our  work  are  ISWIM  (Landin 
[1966]  and  Burge  [1981]),  Pop-2  (Burstall  and  Popplestone  [1968]),  and  ML  (Milner 
[1984]). 

For  more  details  on  the  history  and  development  of  Lisp  see  McCarthy  [1978]. 
The  current  state  of  Lisp  is  described  in  (Steele  [1984]). 


1.3.  Program  transformations 

There  are  a  variety  of  operations  on  programs  carried  out  for  a  variety  of 
purposes  - 

(i)  converting  programs  annotated  with  assertions  about  the  computation  state 
at  the  annotated  points  into  logical  formulae  —  assertion  methods  of  verifica¬ 
tion  (Manna  [1969]) 

(ii)  annotating  programs  with  information  about  type,  control  and  data  flow,  etc. 
-  as  an  aid  to  compiling  and  program  understanding  (Steele  [1978]) 

(iii)  transforming  from  one  language  to  another  or  to  a  fragment  of  the  given 
language  -  compiling  (Steele  [1978]) 

(iv)  using  automatic  deduction  to  derive  defining  equations  from  specifications  — 
program  synthesis  (Manna  and  Waldinger  [1980]) 
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(v)  using  proof  normalization  to  construct  programs  and  using  programs  anno¬ 
tated  with  proofs  (obtained  from  the  normalization  process)  to  construct  op¬ 
timized  programs  for  special  cases  (Goad  [1980]) 

(vi)  transformations  changing  the  structure  of  the  computation  described  while 
preserving  the  function  computed  -  program  optimization  (Burstall  and  Dar¬ 
lington  [1976,  1977],  Scherlis  [1980]) 

(vii)  transforming  a  program  into  a  program  that  computes  a  property  of  compu¬ 
tation  described  by  the  original  program  -  derived  programs  (Wegbreit  [1975], 
McCarthy  -  private  communication) 

In  the  following  we  will  focus  on  transformations  such  as  (vi)  and  (vii)  and  restrict 
attention  to  programs  given  by  systems  of  recursive  definitions  over  a  given  data 
structure  (see  §1). 

1.3.1.  Improving  programs 

Burstall  and  Darlington  [1976,  1977]  studied  transformation  rules  with  the 
goal  of  developing  systems  for  automatically  improving  programs.  They  iden¬ 
tified  four  improvements:  (i)  recursion  elimination  (transforming  recursion  into 
iteration),  common  subexpression  elimination  (abstraction),  procedure  call  elimi¬ 
nation  (application),  and  reuse  of  storage.  The  basic  idea  is  to  begin  with  a  system 
of  definitions  C  containing  exactly  one  definition  for  each  defined  function  sym¬ 
bol.  New  definitions  are  added  according  to  a  set  of  transformation  rules,  and  a 
newly  derived  definition  may  be  taken  as  the  definition  (rule  for  computation)  of 
its  function  symbol.  Some  typical  transformation  rules  are 

•  (instantiation)  If  f{xi, . . .  ,Xn,y,Zi,. . .  ,Zm)  ■«—  e  is  in  ^  and  /  is  a  constant 
term  then  add  /(xi,. . .  ,Xn,/,zi, . . .  ,Zm)  ^  e'  where  c'  is  the  result  of  replac¬ 
ing  y  by  /  in  e. 

.  (unfolding)  If  /o(xi,...,Xn)  Ca  and  /6(yi,...,ym)  H  are  in  £  and  Cc 
is  obtained  from  e®  by  replacing  an  instance  of  /6(yi,...,ym)  by  the  corre¬ 
sponding  instance  of  then  add  fa{xi,. . . ,  x„)  <—  Cc. 

.  (folding)  If  fa(xi,. . .  ,Xn)  Ca  and  fb{yi,  •  •  •  ,ym)  •<—  are  in  £  and  Cc  is 
obtained  from  Ca  by  replacing  an  instance  of  ei  by  the  corresponding  instance 
of  Myi,---,ym)  then  add  fa{xi,. . .  ,Xn)  *-  Cc- 

•  (simplification)  If  /a(®i,  •  • .  ,Xn)  •*—  Co  and  Ca  simplifies  to  Cc  according  basic 
laws  (for  data  operations,  conditional,  etc.)  then  add  fa(xi,. . .  ,Xn)  Cc 

•  (definition)  If  fnew  is  function  symbol  not  mentioned  in  £  and  the  variables 
of  c  are  among  Xi, . . .  ,x„  then  add  fnew{xi,. . . ,  x^)  *—  e. 
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fimction  computed  by  a  definition  in  the  initial  system  and  the  function  com- 
i -.lied  by  a  definition  in  a  system  derived  by  these  rules  used  without  restrictions 
will  agree  on  their  common  domain  of  definition,  but  they  may  have  different  do¬ 
mains  of  definition.^  One  problem  is  that  arguments  to  functions  may  not  be  used 
in  the  defining  expression,  thus  an  undefined  term  may  disappear  upon  unfolding. 
Another  problem  is  that  using  folding  it  is  easy  to  derive  trivial  definitions  such 
as  /{xi, . . .  ,Xn)  /(xi, . . . , Xn).  Thus  there  is  additional  work  to  be  done  after 
an  arbitrary  sequence  of  transformations  to  verify  that  domains  of  definition  have 
been  preserved.  This  is  not  very  satisfeictory  if  the  rules  are  to  be  used  as  a  formal 
system. 

1.3.2.  Transformations  on  expression  procedures 

Various  restricted  systems  of  rules  have  been  proposed  that  give  rise  to  trans¬ 
formations  that  preserve  domains  of  definition.  Such  transformation  rules  are 
called  safe.  Scherlis  [1980]  describes  a  transformation  system  for  expression  pro¬ 
cedures.  In  this  system  transformations  are  carried  out  on  a  system  of  definitions 
of  the  form  E  *—  F  where  E  and  F  are  expressions.  Such  definitions  are  used  as 
rules  for  computing  by  matching  the  left  hand  side  and  replacing  it  by  the  corre¬ 
sponding  righthand  side  -  thus  treating  expressions  as  complex  function  names. 
The  key  transformation  rules  are 

■  (apply)  If  fl^{F(ei,...,c,„)}  and  F(xi,...  ,x,n)  G(xi,...,x,„)  are  in 

€  then  add  ^  ... ,Cm)}* 

•  (compose)  U  E  F  is  in  £  then  add  H{E}  *-  H{F}. 

■  (abstract)  If  E  *—  H{G{ei,.. .  ,em)}  is  in  £  then  add  E  *—  ff{/(ei,.. .  ,Cm)} 
and  /(xi, . . .  ,Xm)  •<—  G(xi, . . .  ,Xm)  where  /  is  a  new  function  symbol. 

■  (simplify)  like  the  Burstall  and  Darlington  rule. 

where  H{...y  is  an  expression  context.  The  composition  rule  provides  a  means 
of  specializing  to  a  p2U’ticular  context  and  thus  to  make  improvements  based  on 
this  additional  information  that  would  not  be  valid  in  general.  Restrictions  on 
the  transformation  rules  that  insure  safety  are  defined  by  introducing  a  notion  of 
computational  progress.  For  a  given  initial  system  of  definitions,  computational 
progress  is  defined  by  finding  a  suitable  well-founded  relation  on  expressions.  A 
definition  E  <—  F  is  progressive  relative  to  a  system  of  definitions  if  computational 
progress  is  made  whenever  a  ground  instance  of  E  is  replaced  by  the  corresponding 


^  Burstall  and  Darlington  worked  with  systems  of  equations  interpreted  using  a  call-by¬ 
name  computation  rule  rather  than  call-by- value.  The  general  ideas  are  the  same  and 
the  same  problems  just  appear  in  different  guises. 
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instance  of  F.  The  initial  system  is  progressive,  by  criteria  imposed  on  the  well- 
founded  relation,  and  the  rules  are  restricted  to  a  set  that  preserve  progressiveness. 
Thus  safeness  is  insured.  This  system  is  more  expressive  than  the  original  system 
of  Burstall  and  Darlington  and  can  in  fact  be  used  as  a  theorem  proving  system 
deriving  such  theorems  as  associativity  of  append. 

To  illustrate  these  rules  we  derive  an  iterative  definition  of  the  function  that 
reverses  lists  from  a  simple  recursive  definition.  For  this  derivation  we  assume 
that  the  data  domain  consists  of  lists  and  that  append  is  a  primitive  operation 
satisfying  the  following  axioms  (simplification  rules). 

(if.null)  (u  =  NIL  — ^  Ca  =  ct,)  — »  if  {null  {u),e  a,  z)  —  if{null{u),eb,z) 

(app.if.dist)  if(x,j/,2)  ov  =  if(x,yov,2  0t>) 

(app.assoc)  (u o v)  o tu  =  uo{voxv) 

(app.nil)  NIL  o  u  =  u  o  NIL  =  u 

(app.one)  cons{u,  NIL)  o  v  =  cons{u,  v) 

The  derivation  begins  with  a  system  consisting  of  the  single  definition  (revr)  for 
reverse. 

(revr)  revr{u)  •«— if(nu//(u),tt, rcvr(cdr(u))  ocon5(cor(u), NIL)) 

Using  composition,  (revr.v)  is  added,  defining  the  expression  procedure  reur(u)ov. 
Note  that  the  recursive  call  to  revr  is  an  instance  of  this  expression. 

(revr.v)  ret;r(u)  ov  *—  (if(nu//(u),u,ret;r(cdr(u))  ❖con5(car(u),  NIL)))  ow 

By  the  simplification  rule  (revr.v)  is  replaced  by  (revr.v')  using  (if.null),  (app.if.dist), 
(app.nil)  and  (app.one). 

(revr.v')  revr{u)  ov  *—  if  {null{u),v, revr{cdr{u))  o  cons{car{u),v)) 

Applying  abstraction  to  (revr.v'),  (revr .rev)  and  (rev.revr)  are  added,  introducing 
rev  as  a  name  for  the  procedure  A(u,  v)reur(u)  o  v. 

(revr.rev)  revr(u)  ov  *—  rev{u,v) 

(rev.revr)  rew(u,v)  if  {null  {u),v,  revr  {cdr{u))  o  cons{car{u),v)) 

Instantiating  (revr.rev)  with  v  =  NIL  and  using  (app.nil)  we  obtain  (reverse), 
(reverse)  revr (u) rev (tt,  NIL) 

Finally  using  application  of  (revr.rev)  in  (rev.revr)  we  obtain  (rev) 

(rev)  rcu(u,v)  *r-if{nuU{u),v^rev{cdr{u)),cons{car{u),v)) 

Taking  (reverse,rev)  as  the  final  system  of  equations  we  have  the  improved  defini¬ 
tion  of  revr. 
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1.3.3.  Derived  programs 

Another  kind  of  program  transformation  is  the  definition  of  operations  that 
change  a  program  into  one  that  computes  some  property  of  the  computation  de¬ 
scribed  by  the  original  program.  The  resulting  programs  are  called  derived  pro¬ 
grams  by  McCarthy.  The  effect  of  such  a  derivation  is  to  transform  intensional 
properties  of  a  given  program  into  extensional  properties  of  the  derived  program. 
For  example 

cons.rev{x)  *—  if  {null{x), 0,1  -I-  con5.rev(cdr{x))) 

is  derived  from  the  definition  of  revr  given  above  by  the  system  of  equations 
(reverse,  rev)  and  computes  number  of  cons  operations  done  in  reversing  a  list 
using  this  definition.  It  is  easy  to  see  that 

cons. rev  (x)  =  length{x) 

Using  cons.append{x,y)  =  length[x),  a  similar  analysis  of  the  definition  of  revr 
given  by  the  equation  (revr)  above  gives 

ltngth{x) 

cons.revr{x)  =  {length{x)  *  {length[x)  +  i))/2=  E 

t=0 

This  provides  a  measure  of  the  improvement  produced  by  the  program  transfor¬ 
mation. 

Wegbreit  [1975]  gives  a  system  for  mechanical  analysis  of  the  cost  of  execut¬ 
ing  programs  -  considering  such  costs  as  procedure  call,  variable  references,  and 
execution  of  primitive  operations.  The  analysis  produces  a  program  for  comput¬ 
ing  the  cost  of  executing  a  given  program  as  a  function  of  its  input  parameters. 
Scherlis’s  system  has  been  extended  to  carry  out  this  sort  of  transformation.  This 
is  accomplished  by  the  addition  of  rule  schemes  for  each  program  construct  and  for 
the  costs  to  be  measured  (Scherlis,  private  communication).  In  addition  to  costs 
associated  with  computations,  one  may  also  be  interested  the  maximum  amount  of 
a  resource  in  use  at  any  point  in  a  computation.  For  example,  if  we  elaborate  our 
computation  model  so  that  cons  is  a  storage  allocation  primitive,  then  a  derivation 
can  be  defined  such  the  derivation  of  a  program  p  computes  the  maximum  amount 
of  storage  in  use  at  any  point  in  the  computation  described  by  p. 

There  are  more  exotic  derived  programs,  for  example  trace.rev{x,  y)  computes 
a  “trace”  of  the  computation  of  rev[x,y),  i.e.  a  tree  of  instances  of  function  calls. 

trace.rev{x,y)  *—  <<REV,x,  t/>, 

<NULL,x>, 
if  (n«//(x), 

NIL, 

trace. rev  [edr  (x) ,  cons  (cor  (x) ,  y) ) )  > 
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For  the  exzunple, 


trace.revm  2).  NIL)  =  ((REV  (1  2)  NIL) 


(NULL  (1  2)) 

((REV  (2)  (D) 
(NULL  (2)) 

((REV  NIL  (21)) 
(NULL  NIL)))) 


1.4.  Applicative  expressions 

1.4.1.  Mechanical  evaluation  of  applicative  expressions 

Landin’s  work  developing  the  theory  of  applicative  expressions  as  rules  for 
computation  and  as  a  place  to  represent  programming  concepts  is  the  starting 
point  of  our  discussion  and  the  source  of  several  important  ideas.  Landin  [1964] 
considers  the  problem  of  assigning  ‘applicative’  structure  to  familiar  mathematical 
expressions  in  order  to  be  able  to  infer  rules  for  computation  of  the  values  denoted 
by  such  expressions.  A  lambda-calculus-like  language  AE  (for  Applicative  Expres¬ 
sions)  is  defined  together  with  a  computation  domain  and  an  abstract  machine 
SECD  for  “mechanical  evaluation”  of  expressions  of  AE.  Expressions  of  AE  are 
built  from  variable  symbols  by  application  eo(ei)  and  abstraction  A(x)e.  Objects 
called  environments  assign  values  in  the  computation  domain  to  free  symbols  of 
expressiorts.  The  value  of  A(x)c  in  an  environment  ^  is  a  closure  (A(x)e  I  $),  which 
is  the  function  determined  by  A(x)e  with  the  free  symbols  fixed  to  be  the  values 
assigned  by  The  computation  domain  (values)  consists  of  given  data,  primitive 
functions,  and  closures.  The  rules  for  computation  are  uniformly  parameterized 
by  the  given  data  and  primitive  functions  by  assuming  there  is  also  given  a  binary 
application  function  ap  which  interprets  the  primitive  functions.  ap{f,v)  is  the 
result  of  applying  the  primitive  function  /  to  the  value  v.  A  primitive  function 
may  be  applied  to  any  sort  of  value  -  data,  another  primitive  function  or  a  closure, 
and  may  return  any  sort  of  value.  [This  allows  conditional  to  be  treated  as  a 
primitive  function,  and  provides  for  binary  primitive  functions  by  currying.) 

The  SECD  machine  is  a  set  of  states  together  with  a  set  of  transition  rules.  An 
SECD  machine  state  is  a  tuple  a  is  the  value  stack  (S),  a  sequence 

of  intermediate  values  for  the  current  subcomputation.  7  is  the  control  stack 
(C),  a  sequence  of  expressions  to  be  evaluated  and  application  marks  ap  which 
serve  to  group  pairs  of  values  which  come  from  an  application  expression.  ^  is  an 
environment  (E)  used  to  interpret  free  variables  occurring  in  expressions  on  the 
control  stack.  ^  is  a  dump  (D),  which  is  either  empty  or  a  state  <<t', 

The  dump  describes  what  is  to  be  done  when  the  control  stack  is  exhausted,  i.e. 
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when  evaluation  of  the  current  subexpression  is  complete.  The  dump  represents 
tlie  computation  context  built  up  when  the  current  subcomputation  was  begun. 
The  set  of  transition  rules  for  the  SECD  machine  is  so  short,  we  list  it  in  entirety. 


(var)  <a,  (,  [1x1,7],  S>  f-*  <[^{IxI),cf],  C,  7> 

(lam)  <cr,  £,  [lA(x)e|,7],  S>  <[(A(x)c  I  0>^]> 

(app)  <<T,  £,  [|co(«i)I,7]>  '-*•  <<^5 

(ap.clos)  <[(A(i)c  I  ^o),t;,<7],  [ap,7],  6>  t-+ 

<°,  ^odxj v},  |e|,  <a,C,'l,S» 

(ap.prim)  <[/,v,a],  [ap,7]» 

(ret)  <[v,o'],  D»  «^o,^o,'yo,^o>  <[v,t^o],  ^o,  7o,  ^o> 


Here,  following  the  conventions  of  work  in  semantics,  we  are  using  |c|  to  emphasize 
that  we  are  thinking  of  e  as  a  data  structure  (in  some  suitable  encoding).  ^(|x|) 
is  the  value  associated  to  the  variable  Jxl  by  the  environment  ^  and  ^odx] 
is  the  environment  that  associates  v  to  |x|  and  is  otherwise  like  ^o* 

To  compute  the  value  of  an  expression  e  in  an  environment  ^  the  SECD 
machine  is  started  in  the  state  <□,  ^,  |e|,o>.  Computation  proceeds  by  repeated 
application  of  the  transition  rules.  The  computation  returns  the  value  u  if  a  state 
<w,  ^,D,n>  is  reached. 

Note  that  the  structure  of  an  SECD  machine  state  amounts  to  using  a  stack  to 
implement  a  simple  recursive  definition  of  the  value  of  an  expression  environment 
pair.  (See  our  discussion  of  Reynolds  [1972]  below.) 

Landin  [1965]  extends  AE  to  lAE  (imperative  applicative  expressions)  by 
adding  imperative  computation  primitives.  The  primitive  of  interest  here  is  the 
[in]famous  “Landin  J  operator”.  J(A(x)e)  is  a  program  point  -  it  marks  a  point 
in  the  execution  of  program.  The  value  of  a  program  point  is  a  program  closure 
which  contains  the  lambda-expression,  the  current  environment,  and  the  current 
dump.  Application  of  a  program  closure  applies  the  lambda-closure  part  to  the 
argument  and  returns  the  value  at  the  point  where  the  program  closure  was  made. 
The  rule  for  application  of  a  program  closure  is 


<[(J(A(x)c)  I  ^o,^o>,u,f^],C,[op,7],^>  >->■  <°,Co{[IxI-^v},[eJ,5o> 

lAE  was  used  by  Landin  to  interpret  AlgolCO  programs  and  hence  to  provide  a 
simple  and  computationally  meaningful  semantics. 
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Landin  [1966]  elaborates  lAE,  adding  “syntactic  sugar”  which  serves  to  iden¬ 
tify  additional  important  computational  structures  expressed  by  lAE.  The  result¬ 
ing  language  is  called  Iswim  (If  you  See  What  I  Mean),  which  Landin  presents  as 
a  framework  providing  mechanisms  for  naming  things  (binding)  and  for  defining 
functional  relations.  The  point  is  to  reduce  language  design  to  a  matter  of  choosing 
primitive  data  and  operations  and  choosing  printed  and  physical  representations. 

The  fact  that  in  AE,  the  value  of  an  application  eo(ei)  depends  only  on  the 
values  of  the  component  expressions  and  not  on  the  computations  described  by 
the  component  expressions  suggests  that  there  is  an  equivalence  on  expressions 
satisfying  laws  analogous  to  those  of  the  lambda  calculus  (and  possibly  additional 
laws).  Landin  gives  some  axioms  for  equivalence  of  Iswim  expressions.  Some  of 
the  axioms  are  “sugar  elimination”  axioms  that  serve  to  define  the  added  syntactic 
entities  of  Iswim  in  terms  of  lAE  expressions.  The  more  substantial  axioms  fall 
into  three  categories:  substitutivity,  naming,  and  simplifications.  Substitutivity 
has  to  do  with  determining  when  a  subexpression  can  be  replaced  by  an  equivalent 
one  without  changing  the  equivalence  class  of  the  whole  expression.  For  example 


Co  =  Cl  c(co)  =  c(ci). 

Naming  has  to  do  with  what  instances  of  beta  conversion  are  allowed.  In  general 
such  conversions  are  restricted  to  AEs  since  they  affect  the  order  of  evaluation  of 
expressions.  Simplifications  are  equivalences  related  to  primitive  operations.  For 
example,  axioms  for  properties  of  pairing  and  projection  operations  would  fall  in 
this  category  as  would  axioms  about  distribution  of  application  over  a  conditional 
operator.  No  axioms  for  formation  of  abstraction  are  given.  Neither  are  any 
criteria  for  inequivalence  given. 

Remarks 

The  initial  motivation  given  by  Landin  for  developing  the  theory  of  applicative 
expressions  is  analogous  to  (and  derives  from)  Church’s  motivation  for  developing 
the  lambda  notation  and  the  lambda  calculus  as  stated  in  the  introduction  of 
Church  [1941]:  “to  analyze  the  concept  of  function  as  it  appears  in  various  branches 
of  mathematics” .  Landin  was  working  with  languages  for  describing  computations 
to  computers  while  Church  was  interested  in  understanding  properties  of  functions 
independent  of  their  use  in  a  particular  context. 

AE  is  a  simple,  elegant  and  powerful  language.  Landin  presents  expressions 
and  other  objects  as  abstract  data  structures,  using  abstract  syntax,  and  formu¬ 
lates  computation  rules  independently  of  the  given  data  and  primitive  operations. 
The  function  and  argument  positions  in  application  expressions  are  treated  sym¬ 
metrically.  The  SECD  abstract  machine  gives  a  simple  interpretation  of  expres¬ 
sions  as  rules  for  computation. 
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Tn  McCarthy  [1963b]  a  similar  separation  of  data  and  computation  rules  is 
Tj^cide.  This  formalism  is  limited  to  first-order  functions  and  does  not  treat  func¬ 
tion  or  control  abstractions.  Systems  of  recursive  definitions  can  be  viewed  as  a 
fragment  of  AE  by  assuming  conditional  to  be  among  the  primitive  operations. 

No  dialect  of  Lisp  provides  meaning  of  programs  independent  of  the  S-expression 
world;  S-expressions  are  a  fundamental  part  of  Lisp.  The  main  Lisp  dialects  eval¬ 
uate  the  function  position  according  to  special  rules  -  partly  because  Lisp  was 
originally  conceived  as  as  first-order  language  with  lambda  as  a  notational  conve¬ 
nience  and  partly  for  reasons  of  efficiency. 

Landin’s  environments  and  closures  are  data  abstractions  of  the  a-lists  and 
funargs  of  Lisp  1.5.  Program  points  are  more  general  and  mathematically  simpler 
than  the  labeling  and  jumping  mechanisms  of  Algol60  or  catch  and  throw  of 
Maclisp.  Environment  descriptors  of  Interlisp  provide  capability  of  implementing 
both  closures  and  program  points  and  Scheme  continuations  are  equivalent  to 
program  closures. 

1.4.2.  Information  structures  for  modeling  computation 

Wegner  [1971]  proposed  the  use  of  information  structures  for  modeling  com¬ 
putation.  The  idea  is  to  characterize  computations  by  the  class  of  data  structures 
generated  during  computation  and  by  the  transformations  acting  on  these  struc¬ 
tures.  An  information  structure  is  a  triple  <J, /o,i^>  where  J  is  a  set  of  data 
structures,  Iq  is  the  subset  of  I  consisting  of  the  initial  state  structures,  and  F  is 
a  set  of  transformations  on  I. 

Automata,  digital  computers,  and  programming  languages  can.  be  modeled 
uniformly  using  information  structures.  By  modeling  computation  using  informa¬ 
tion  structures  one  can  reduce  proving  properties  of  programs  to  proving  properties 
of  the  underlying  structures,  or  of  equivalence  classes  of  structures.  This  paradigm 
also  provides  a  framework  for  formal  treatment  of  compiling  since  an  important 
aspect  of  a  compiler  correctness  proof  is  proving  equivalence  of  source  and  target 
language  interpreters. 

Among  the  examples  treated  by  Wegner  are  Algol60-like  languages,  the  Bur¬ 
roughs  B6500  computer,  and  Snobol.  He  does  not  attempt  to  treat  abstraction 
and  application  as  computation  primitives. 

An  important  example  of  the  information  structure  approach  is  the  Vienna 
Definition  Language  (VDL)  (Wegner  [1972]).  This  is  a  programming  language  for 
defining  programming  languages.  The  information  structures  are  tree  structures. 
The  leaves  are  called  elementary  objects  and  composite  trees  are  finite  sets  of 
selector  tree  pairs.  Thus  components  of  a  composite  tree  are  unordered  and  a 
subtree  in  given  by  path  which  is  a  sequence  of  selectors. 
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Programs  are  represented  as  trees  -  corresponding  directly  to  the  use  of  ab¬ 
stract  syntax  to  specify  the  syntax  of  a  programming  language  (McCarthy  [1963a] ). 
The  semantics  of  a  programming  language  is  defined  in  terms  of  sequences  of  trans¬ 
formations  on  computation  states.  The  key  component  of  a  computation  state  is 
the  control  tree.  Transformations  fall  into  two  categories  (i)  macro  instructions 
and  (ii)  value  returning  instructions.  A  macro  instruction  causes  a  leaf  of  the  con¬ 
trol  tree  to  be  replaced  by  a  subtree  of  instructions.  No  other  component  of  the 
computation  state  is  affected.  A  value  returning  instruction  deletes  a  leaf  of  the 
control  tree  having  an  immediate  value  and  propagates  the  value  to  predecessor 
nodes.  It  may  also  affect  other  components  of  the  computation  state. 

An  important  application  of  this  approach  to  semantics  is  the  development 
of  methods  for  proving  equivalence  of  different  representations  of  computation 
state  and  rules  for  evaluation  for  a  given  language.  An  example  is  given  proving 
equivalence  of  two  semantics  for  a  simple  block  structured  language.  VDL  is  also 
defined  in  VDL. 

Remarks 

Landin’s  SECD  machine  can  easily  be  formulated  in  the  information  structure 
framework.  The  important  feature  is  that  the  SECD  structures  are  highlevel  data 
abstractions  and  naturally  derived  from  the  structure  of  expressions.  The  Interlisp 
environment  descriptors  can  also  be  thought  of  as  information  structures. 

The  information  structure  approach  seems  ideal  for  treating  intensional  prop¬ 
erties  of  programs,  but  it  does  not  seem  to  have  been  used  for  this  purpose. 

1.4.3.  Call-by-value  lambda  calculus 

Since  applicative  expressions  are  just  terms  of  the  lambda-calculus,  the  ques¬ 
tion  arises  as  to  how  the  notions  of  value  and  evaluation  compare  to  the  notions 
of  reduction  and  normal  form.  In  order  to  make  meaningful  comparisons  it  is  nec¬ 
essary  to  distinguish  between  two  basic  choices  for  evaluation  rules.  According  to 
the  transition  rules  for  the  SECD  machine,  in  order  to  evaluate  co(ci)  the  value  of 
Cl  is  computed,  then  the  value  of  cq  is  computed,  then  application  is  carried  out  (if 
meaningful).  The  value  of  the  argument  must  be  computed  even  if  it  is  not  used 
in  computing  the  value  of  the  application.  Thus  we  say  SECD  machine  evaluation 
obeys  the  eall-by-value  evaluation  rule.  An  alternative  is  to  first  evaluate  cq  and, 
in  the  case  that  the  value  is  a  closure,  substitute  the  argument  expression  for  the 
bound  variable  rather  than  evaluating  it.  This  is  a  call-by-name  evaluation  rule. 
Note  that  the  function  given  by  a  lambda-expression  using  the  call-by-name  rule 
may  be  defined  for  some  arguments  for  which  computation  would  not  terminate 
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using  the  call-by-value  rule.  The  classical  example  (derived  from  Morris  [1968])  is 
the  function  defined  recursively  by 

f[x,y)  f-  if(x  =  0,1, /(i  -  l,/(x,y))). 

If  evaluated  call-by-value  /(O)  =  1  and  for  n  >  0  the  computation  of  f{n)  does 
not  terminate.  If  evaluated  call-by-name  /(n)  =1  for  any  natural  number  n.  The 
order  and  number  of  times  that  a  subexpression  is  evaluated  also  depends  on  the 
choice  of  evaluation  rule.  Thus  in  a  language,  such  as  lAE,  with  escape  mechanisms 
or  in  which  evaluation  of  expressions  may  have  “side-effects” ,  the  value  returned 
will  in  general  depend  on  the  choice  of  evaluation  rule. 

We  will  focus  on  the  results  for  the  case  of  call-by-value  evaluation.  Plotkin 
[1975]  defines  a  call-by-value  variant  of  the  lambda  calculus,  Lambda-v.  The 
language  of  Lambda-v  is  a  variant  of  AE  using  constant  symbols  rather  than  envi¬ 
ronments.  There  is  a  constant  symbol  for  each  element  of  the  given  data  domain 
and  for  each  primitive  function.  Thus  for  every  expression-environment  pair  of 
AE  there  is  a  corresponding  closed  term  in  the  extended  language  obtained  by 
hereditarily  substituting  constant  or  operation  symbols  for  variables  bound  to 
data  or  primitive  operations,  and  substituting  closed  lambda  terms  for  variables 
bound  to  closures.  For  any  closed  expression  of  the  extended  language,  there  is 
an  expression-environment  pair  of  AE  that  corresponds  to  this  expression.  If  two 
expression-environment  pairs  of  AE  correspond  to  the  same  expression  then  they 
have  corresponding  values  (or  both  are  undefined).  Thus  for  closed  c  we  say  c  eval¬ 
uates  to  V  if  SECD  computation  of  some  corresponding  expression-environment 
pair  returns  a  value  corresponding  to  v.  We  say  e  is  undefined  if  SECD  computa¬ 
tion  of  some  corresponding  expression-environment  pair  does  not  return  a  value. 

A  valut  expression  is  a  variable,  a  constant,  or  an  expression  of  the  form 
A(x)e.  For  simplicity,  primitive  functions  are  restricted  to  act  only  on  data  but 
may  return  any  closed  value  expression.  The  reduction  rules  for  Lambda-v  are  the 
usual  rules  for  the  lambda  calculus  (see  Church  [1941]  or  Barendregt  [1981])  with 
two  exceptions:  (i)  the  /?  rule  which  is  replaced  by  the  /?-v  rule  and  (ii)  a  5-rule 
added  for  primitive  application. 

(/3-v)  {A(i)e}ei  >v  ejfj  if  ei  is  a  value  expression 

(5)  f[d)  >v  ap{f,d)  if  /  is  a  primitive  function  symbol, 

d  is  a  data  symbol  and  ap{f,  d)  is  defined 

=„  is  the  symmetric  closure  of  >„.  An  expression  is  in  value  normal  form  (VNF) 
if  it  has  no  subexpression  to  which  the  (/3-v)  or  (5)  rule  applies. 

The  key  theorems  for  Lambda-v  and  values  are 
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(Substitutivity)  If  eo  =v  ci  aJid  c  is  a  value  expression  then  eol®  =« 
(Church-Rosser  property)  If  c  >„  co  and  e  >„  a  then  there  is  C2  such  that 

Co  62  2Uld  Cl  >v  S2 
(Evaluation)  For  closed  e 

(i)  if  c  evaluates  to  v  then  e  >„  v 

(ii)  if  e  =v  v'  for  some  value  u'  then  e  evaluates  to  v  for  some  value  v 
Some  additional  points  of  interest  are 

(Non-substitutivity)  The  value  requirement  for  (Substitutivity)  is  necessary.  A 
counter  example  is  Co  =  {A(i)A(x)x}a:,  ci  =  A(x)x,  ande  =  {A(x)x(x)}A(x)x(x). 

(Non-Church-Rosser)  ff  value  is  replaced  by  VNF  in  the  fi-v  rule,  the  rules  no 
longer  have  the  Church-Rosser  property. 

In  addition  to  Lambda-v  equivalence,  Plotkin  defines  a  natural  notion  of 
equivalence  of  expressions  called  operational  equivalence.  Intuitively,  two  expres¬ 
sions  are  operationally  equivalent  iff  one  can  replace  the  other  in  any  closeed  term 
without  changing  the  “meaning”  of  the  term.  More  precisely,  the  operational 
equivalence  relation  «  is  defined  by  cq  «  ci  iff  for  any  expression  context  C{. . .} 
such  that  C{eo}  and  C{ei}  are  both  closed,  either  (U)  holds  or  (V)  holds. 

(U)  Both  C'{eo}  and  C{ei)  are  undefined  (SECD  computation  does  not  return  a 
value). 

(V)  There  are  closed  values  vo,  ui  such  that  C{co}  has  value  vq  and  C{ei}  has 
value  ui  and  if  either  wq  or  is  a  data  constant  then  vq  =Vi. 

The  relation  between  operational  equivalence  and  Lambda-v  equivalence  is 

(i)  Co  =t,  Cl  implies  cq  «  ci 

(ii)  The  converse  of  (i)  does  not  hold.  A(x)x(A(y)x(j/))  is  operationally  equivalent 
to  A(x)x(x)  but  A(x)x(A(y)x(i/))  =v  A(x)x(x)  can  not  be  derived  using  the 
lambda  rules. 

1.4.4.  Meta-programming 

Morris  [1970]  (see  also  Reynolds  [1972])  proposed  using  simple  applicative 
languages  such  as  AE,  which  have  comparatively  well-understood  semantics,  to 
define  the  semantics  of  more  complex  languages.  This  approach  makes  formal  lan¬ 
guage  definition  a  (meta)  programming  activity  -  namely  programming  functions 
that  compute  the  meaning  of  program  expressions.  Morris  outlined  a  number  of 
ideas  about  how  this  could  be  accomplished.  For  example,  assuming  that  the  given 
primitive  operations  for  AE  include  conditional  and  that  the  given  data  include 
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data  structures  for  expressions,  closures,  environments,  and  dumps  the  evaluation 
function  determined  by  the  SECD  transition  rules  can  be  directly  described  by 
an  AE  program.  Alternatively,  using  application  and  abstraction,  objects  of  the 
semantic  domain  such  as  closures,  environments  and  program  closures  can  be  rep¬ 
resented  as  AE  functions  rather  than  as  data  structures.  To  describe  non-lexical 
control  sequencing  constructs  such  as  goto,  escape  mechanisms  such  as  error  ex¬ 
its  or  catch  and  throw,  or  co-routine  mechanisms,  it  is  necessary  to  specify  the 
continuation  of  a  computation  at  each  point  of  a  program.  To  define  semantics  of 
languages  with  updating  or  non-lexical  control,  it  is  also  necessary  to  insure  that 
evaluation  is  carried  out  in  the  proper  order  -  to  maintain  control  over  control. 

Reynolds  [1972]  studies  definitional  interpreters  (programs  defining  semantic 
meaning  functions) ,  taking  both  the  defining  and  defined  languages  to  be  variants 
of  AE.  An  important  question  to  consider  is  the  affect  of  the  semantics  of  the 
defining  language  on  the  semantics  implied  for  the  defined  language.  For  example 
is  the  evaluation  rule  obeyed  by  the  defined  language  affected  by  the  choice  of 
evaluation  rule  for  the  defining  language?  Can  the  defined  language  be  extended 
with  out  major  modification  of  the  interpreter?  The  choice  of  control  structure  for 
the  interpreter  is  the  key  for  these  questions.  Another  question  is  what  information 
is  gained  about  data  structures  needed  to  carry  out  computations.  The  choice  of 
semantic  domains  is  important  here. 

Reynolds  defines  four  interpreters,  combining  different  choices  of  control  struc¬ 
ture  and  semantic  domain.  The  choices  for  control  structure  are  meta-circular  (Me) 
(terminology  due  to  Reynolds)  and  continuation-passing  (Cp).  A  meta-circular  in¬ 
terpreter  interprets  constructs  of  the  defined  language  by  using  the  corresponding 
construct  of  the  defining  language.  This  is  analogous  to  the  informal  use  of  “and” 
and  “for  all”  to  define  the  semantics  of  the  logical  connectives  A  and  V.  The  com¬ 
putation  context  built  up  in  carrying  out  the  defined  computation  is  represented 
by  that  built  up  in  carrying  out  the  defining  computation.  A  continuation-passing 
interpreter  represents  the  context  built  up  in  carrying  out  the  defined  computa¬ 
tion  as  an  explicit  parameter  of  the  interpreter  (the  continuation).  No  context  is 
built  up  in  the  defining  computation.  The  choices  for  representing  objects  of  the 
semantic  domain  are  (ho)  as  functions  defined  by  AEs  -  making  the  interpreter 
higher-order,  and  (fo)  as  abstract  data  structures  -  making  interpreter  first-order. 

The  four  interpreters  are  related  by  informal  transformations  illustrating  the 
passage  from  meta-circular  to  continuation-passing,  passage  from  higher-order  to 
first-order,  and  passage  from  first-order  to  higher-order. 

(Mc.ho)  (Mc.fo)  (Cp.fo)  (Cp.ho) 

This  provides  useful  insight  into  the  relations  and  distinctions  between  the  various 
choices. 
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To  illustrate  the  issues  discussed  above  we  look  in  more  detail  at  some  of 
the  features  of  these  interpreters.  The  application  and  lambda  clauses  for  the 
higher-order  meta-circular  interpreter  (Me  .ho)  satisfy 

eva/([eo(ci)|,0  ~  {eva/([eoI,  0}evo^(leil>  0 

cva/(l|A(x)cJ,£)  --  A{t;)eva/{|cJ,^{|a:l-<-v}) 

^  is  an  environment  -  here  a  function  mapping  (codes  for)  variables  to  values  and 
^{|[xl  v}  is  the  function  given  by  A(o)if  (a  =  ^(a)) 

A  meta-circular  interpreter  is  concise  and  elegant,  but  uninformative  in  that  it 
presumes  the  control  constructs  are  already  understood.^  Since  for  a  meta-circular 
interpreter  the  meaning  of  application  in  the  defined  language  is  directly  deter¬ 
mined  by  that  of  the  defined  language,  the  rule  obeyed  by  the  defining  language 
is  inherited  by  the  defined  language. 

The  interpreter  (Cp.ho)  is  derived  from  (Mc.ho)  by  a  transformation  to  con¬ 
tinuation-passing  style.  The  transformation  introduces  an  additional  parameter 
which  represents  the  remainder  of  the  computation  at  each  stage  and  unwinds 
complex  applications  so  that  computation  proceeds  by  construction  of  continua¬ 
tions  and  applying  them  to  results  of  basic  computations  guaranteed  to  terminate. 
A  continuation-passing  interpreter  provides  a  definition  that  is  independent  of  the 
evaluation  rule  obeyed  by  the  defining  language.  The  key  observation  is  that  the 
value  of  an  expression  only  depends  on  the  evaluation  rule  if,  in  the  course  of 
evaluation,  an  application  expression  is  encountered  in  which  evaluation  of  the 
argument  causes  a  function  call  that  does  not  terminate. 

Letting  q  stand  for  a  continuation,  the  application  and  lambda-clauses  for  the 
(Cp.ho)  satisfy 

cva/(|co(ei)I,£,'7)  ~  cva/(|coI,  A(/)cva/(|eiJ,  £,  A(t;)/(t;,'y))) 
cva/(|A(x)cJ,^,'y)  ~  1f(A(u,7o)eval(|eI,  ^{|x]  ^  t;},7o)) 


By  replacing  the  higher-order  objects  in  the  semantic  domain  such  as  envi¬ 
ronments,  closures,  and  continuations  by  data  structures,  the  higher-order  inter¬ 
preters  can  be  transformed  into  first-order  interpreters.  One  distinction  between 
first-order  and  higher-order  is  that  higher-order  avoids  (ugly)  details  about  the 


^  The  existence  of  a  meta-circular  interpreter  is  a  kind  of  closure  condition  on  the 
computation  primitives  and  underlying  data  domain.  It  means  that  the  data  structure 
is  adequate  to  encode  the  syntax  and  the  control  structure  is  adequate  to  describe  the 
computations  without  further  encoding  of  information  as  data. 
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■  itn  structures  (defining  constructors,  selectors,  . . .).  Of  course,  defining  a  first- 
order  interpreter  gives  more  information  about  the  data  structures  generated  in 
the  process  of  carrying  out  a  computation  -  precisely  those  ugly  details  about 
constructors,  selectors, . . .  -  and  provides  a  basis  for  representing  intensional  prop¬ 
erties. 

(Cp.fo),  the  first-order  continuation-passing  interpreter,  naturally  determines 
a  machine  analogous  to  the  SECD  machine.  Cp-machine  states  are  the  argument 
triples  <|e|,^,'y>  of  (Cp.fo).  The  clauses  in  the  definition  of  (Cp.fo)  correspond 
directly  to  transition  rules.  Thus  a  (Cp.fo)  style  interpreter  is  very  close  to  the 
information  structure  approach  of  modeling  computation. 

A  continuation-passing  interpreter  is  readily  extended  to  imperative  con¬ 
structs  such  as  assignment  and  escape  or  labeling  mechanisms.  This  is  illustrated 
by  adding  expressions  escape(x)g  to  the  defined  language.  Escape  expressions  are 
the  natural  analog  of  Landin’s  J  for  the  Cp  machine.  To  evaluate  escape(x)e  the 
escape  function  corresponding  to  the  current  continuation  is  bound  to  x  and  eval¬ 
uation  of  c  is  carried  out  in  the  extended  environment.  When  the  escape  fimction 
corresponding  to  a  continuation  7  is  applied  to  a  value  and  another  continuation 
7o5  computation  proceeds  by  returning  the  value  to  7.  Thus  escaping  from  the 
context  7o  to  7.  The  (Cp.ho)  clause  for  evaluating  an  escape  expression  satisfies 

et;a/(|escape(x)e|,^,7)  ~  et;a/(|c|,  ^{|x| A(t>,7o)7(v)}>'y) 

In  order  to  obtain  meta-circular  a  definition  of  the  language  with  escape  added, 
it  is  necessary  to  extend  the  defining  language  as  well. 

1.4.5.  Scott- Strachey  semantics 

“Scott- Strachey”  semantics  is  a  method  for  defining  semantic  meaning  func¬ 
tions  for  arbitrary  languages  based  on  giving  domain  equations  for  syntactic  and 
semantic  domains  and  giving  semantic  equations,  expressed  in  an  AE-like  lan¬ 
guage,  for  meaning  functions.  An  important  goal  guiding  the  choice  of  seman¬ 
tic  domains  is  that  semantic  meaning  functions  should  be  compositional.  That 
is,  the  meaning  of  an  expression  should  be  determined  by  the  meanings  of  its 
sub-expressions,  and  should  not  depend  on  the  context  in  which  it  is  contained. 
Wadsworth  independently  developed  similar  ideas  to  those  of  Morris  for  handling 
non-local  jumps  using  continuations  and  these  ideas  were  applied  by  Strachey  and 
Wadsworth  [1974]  to  extend  the  basic  Scott-Strachey  methods. 

Typically,  in  the  Scott-Strachey  approach,  the  semantics  of  the  defining  lan¬ 
guage  is  given  by  interpreting  lambda  expressions  in  extensional  models  (Scott 
models)  constructed  by  solving  domain  equations  using  structures  that  are  com¬ 
plete  partial  orders.  The  solutions  to  the  semantic  equations  are  functions  in  the 
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extensional  sense  of  being  determined  by  their  graph.  Higher  order  interpreters 
such  as  (Mc.ho)  or  (Cp.ho)  will  thus  assign  extensional  denotations  to  higher  order 
objects  of  the  defined  language.  First  order  interpreters  such  as  (Mc.fo)  or  (Cp.fo) 
will  however  assign  “codes”  as  denotations  to  higher  order  objects  of  the  defined 
language.  By  suitable  choice  of  semantic  domains,  the  Scott-Strachey  methods 
could  be  used  to  interpret  programs  by  transitions  on  information  structures  in 
the  sense  of  Wegner,  although  we  are  not  aware  that  this  has  in  fact  been  done. 

In  contrast,  if  the  defining  language  AE  is  interpreted  by  the  SECD  machine, 
the  functions  given  by  lambda  expressions  are  functions  in  the  intensional  sense 
of  being  rules  for  computation.  One  can  infer  equivalence  relations  for  defined 
expressions  from  lambda-v  equivalence  or  operational  equivalence  relations  for 
AE. 


Scott  models  will  be  discussed  further  in  §5.  The  basics  of  the  Scott-Strachey 
approach  can  be  found  in  Milne  and  Strachey  [1976].  For  a  presentation  of  domain 
theory  (solving  domain  equations  in  complete  partial  orders)  we  recommend  notes 
of  Plotkin  [1978]. 

1.4.6.  More  about  continuation-passing 

The  transformation  to  continuation-passing  style  can  be  carried  out  quite 
generally.  Using  the  formulation  of  AE  in  terms  of  purely  syntactic  expressions 
plus  environments  for  interpreting  symbols,  such  transformations  can  be  defined 
in  a  manner  independent  of  the  choice  of  basic  data  and  primitive  operations.  A 
continuation-passing  fragment  of  AE  is  the  image  of  such  a  transformation.  It  has 
a  number  of  interesting  properties  - 

(i)  the  argument  component  of  an  application  is  a  primitive  expression  —  a  symbol 
or  a  primitive  function  applied  to  a  list  of  symbols 

(ii)  no  intermediate  values  are  returned  -  computation  proceeds  by  constructing 
continuations  and  applying  continuations  to  intermediate  results  obtained  by 
evaluation  of  primitive  expressions 

(iii)  no  external  state  is  built  up  during  computation  —  all  information  about  the 
computation  state  is  represented  explicitly 

We  have  seen  how  (i)  and  (iii)  are  used  to  insure  that  interpreters  give  defini¬ 
tions  independent  of  the  evaluation  rule  obeyed  by  the  defining  language  and  for 
interpreting  control  abstractions  such  as  program  points  or  escape  expressions. 

Fischer  [1972]  used  property  (ii)  to  show  that  any  applicative  expression  can 
be  transformed  to  an  expression  that  defines  the  same  function  on  the  data  domain, 
but  which  forces  the  dynamic  scope  of  variable  binding  to  extend  over  the  dynamic 
lifetime  of  any  closures  generated.  Thus  a  program  using  functions  as  values  only 
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as  intermediates  can  be  transformed  to  one  which  will  behave  correctly  in  systems 
such  as  Maclisp  where  funarg  objects  can  not  be  passed  out  of  their  dynamic  scope. 
Fischer  proves  the  following  relation  between  programs  and  their  transformations. 

(iv)  If  p  is  a  program  that  defines  a  function  on  data,  p^  is  the  transformation  of 
p  to  continuation-passing  style,  and  Id  is  the  identity  continuation  then  for 
any  continuation  c  and  any  element  d  of  the  data  domain 

p'{d,c)  ~  c(p(<i))  hence  p'{d,Id) p{d). 

The  Rabbit  compiler  for  Scheme  (Steele  [1978])  uses  a  transformation  to  con¬ 
tinuation-passing  style  as  its  core.  The  point  here  is  that  the  continuation-passing 
fragment  can  be  viewed  as  an  abstract  machine  represented  in  the  original  lan¬ 
guage.  The  advantage  is  that  the  same  tools  for  analysis  and  optimization  can 
be  used  at  both  ends  of  compiling  process,  and  compiled  code  can  be  directly 
interpreted  with  no  added  fuss. 


1.5.  Applicative  structures 


1.5.1.  Recursion  theory 

Recursion  theory  has  its  roots  in  the  work  of  Peano  and  Dedekind  and  their 
studies  of  the  natural  numbers  and  of  the  definition  of  functions  by  induction  on 
numbers,  i.e.  by  primitive  recursion.  The  goal  of  early  work  in  recursion  theory 
was  to  characterize  the  class  of  functions,  say  on  natural  numbers,  computable  by 
algorithms.  This  gave  rise  to  a  number  of  equivalent  notions  including  lambda- 
definability  (Kleene  [1936a],  equation  calculi  (Godel  [1934],  Kleene  [1936b]),  and 
Turing  machines  (Turing  [l936]).  Later  work  in  recursion  theory  has  focused 
attention  on  the  presentations  and  on  the  structure  of  classes  of  functions.  Some 
of  the  means  of  presenting  such  classes  are 

(i)  equation  calculi  -  using  expressions  and  rules  for  deducing  equations  from 
systems  of  defining  equations  (see  Kleene  [1952],  McCarthy  [1963b]) 

(ii)  schemata  (comprehension  principles)  for  introducing  functions  -  the  schemata 
serve  as  rules  for  generating  a  class  of  functions  from  a  given  set  of  basic 
functions  (see  Kleene  [1952]  and  [1959]) 

(iii)  inductive  definability  -  a  class  of  function  (als)  given  as  fixed  points  of  a  system 
of  monotone  functionals  (see  Platek  [1966],  Kechris  and  Moschovakis  [1977], 
Feferman  [1977],  Moschovakis  [1984]) 
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(iv)  invariant  definability  -  for  example  functions  given  as  solutions  to  systems  of 
equations  (not  the  saime  as  (i),  which  also  involves  rules  for  deduction,  see 
Grzegorczyk,  Mostowski  and  Ryll-Nardzewski  [1959]) 

Of  paxticulzo’  interest  in  the  study  of  the  structure  of  classes  of  functions 
was  the  study  of  hierarchies  of  functions  and  predicates  over  the  natural  numbers. 
Additional  notions  include  relative  recursion  -  one  function  being  computable  from 
another  (an  oracle),  degrees  -  equivalence  classes  of  functions  each  computable 
from  the  other,  and  recursion  at  higher  types.  From  this  work  came  tools  for 
studying  the  fine  structure  of  mathematics  and  for  measuring  the  strength  of 
formal  systems  according  to  the  complexity  of  functions  that  can  be  defined. 

The  scope  of  recursion  theory  has  been  extended  to  consider  recursion  over 
structures  other  than  the  natural  numbers  -  for  example  recursion  on  ordinals  and 
recursion  over  arbitrary  abstract  structures.  Principal  objectives  of  this  work  are 
to  look  for  abstractions  and  axiomatic  characterizations  of  fundamental  features  of 
the  class  of  partial  recursive  functions  on  natural  numbers  and  to  find  meaningful 
abstract  versions  of  Church’s  thesis. 

To  present  the  main  ideas  and  results  from  recursion  theory  relevant  to  Rum, 
we  introduce  informally  notions  of  a  recursion  theory  and  a  computation  theory. 
A  recursion  theory  on  a  domain  C  is  a  class  F  of  partial  functions  and  functionals 
on  C  satisfying  certain  closure  conditions  such  as  closure  under  explicit  definition, 
definition  by  cases,  fixing  of  parameters  {S^  theorem),  and  recursion.  The  follow¬ 
ing  are  versions  of  the  5^  and  recursion  theorems,  which  are  the  key  theorems 
for  our  purpose.  (The  subscript  Rt  is  to  distinguish  these  theorems  from  the  cor¬ 
responding  theorems  for  a  computation  theory  which  are  labeled  by  the  subscript 
Ct.) 

•  {S^  theorem) ijt  If  is  an  m-l-n-ary  function  in  F  and  ci, . . . ,  are  elements 
of  C  then  A(yi , . . . ,  yr»)<^(ci,  •  •  •  > Cm» yi » •  •  •  > yn)  is  an  n-ary  function  in  F. 

•  (Recursion  theorem)Bt  If  is  a  functional  in  F  with  n-ary 

function  parameter  /  and  $  is  monotone  in  /  then  the  least  fixed  point  $°° 
of  $  with  respect  to  /  is  in  F.  satisfies 

=  $($“)  and  <t>  =  $(<^)  C 

□  denotes  the  usual  partial  ordering  on  partial  functions,  i.e.  the  subset  order¬ 
ing  the  graphs.  In  general  the  functional  $  may  have  function  and  individual 
parameters  not  shown  above.  These  parameters  will  also  be  parameters  of 
the  least  fixed  point 

The  partial  recursive  functions  and  functionals  on  natural  numbers  (see  Kleene 
[1952],  chapter  XXII)  are  perhaps  the  simplest  example  of  a  recursion  theory.  The 
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notion  of  a  suitable  class  of  functionals  defined  by  Kechris  and  Moschovakis  [1977] 
or  that  of  a  precomputation  theory  (see  Fenstad  [1980],  Definition  1.1.10)  are  typical 
examples  of  closure  conditions  for  recursion  theories.  Recursion  theories  are  often 
defined  as  the  least  clauss  of  functionals  containing  some  base  set  and  closed  under 
certain  operations.  The  I~  recursive  functionals  for  suitable  I  defined  in  Kechris 
and  Moschovakis  [1977]  and  the  theories  of  hereditarily  consistent  functionals  given 
by  Platek  [1966]  are  examples  of  such  recursion  theories.  An  example  of  J-  recur¬ 
sive  functionals  of  particular  interest  for  computing  is  given  in  Moschovakis  [1984] 
(see  §VIII.3). 

A  computation  theory  over  a  domain  C  is  a  set  F  of  codes  describing  compu¬ 
tations  on  C  together  with  a  ternary  application  relation  {/}(xi,. . .  ,Xn)  ~  x  on 
F  xC*  xC,  and  a  well-founded  partial  ordering  -<  on  tuples  of  the  application  re¬ 
lation.  C*  is  the  set  of  finite  sequence  from  C  and  {/}(xi, . . . ,  Xn)  ~  z  means  that 
the  computation  coded  by  /  applied  to  the  sequence  Xi,...,Xn  returns  z.^  The 
ordering  provides  information  about  the  structure  of  the  described  computations 
and  is  typically  induced  by  a  rank  function  that  measures  the  size  of  the  computa¬ 
tions  by  assigning  ordinals  to  tuples  of  the  application  relation.  The  class  of  codes 
for  a  computation  theory  must  also  satisfy  certain  closure  conditions  analogous  to 
those  for  a  recursion  theory.  The  following  are  versions  of  the  and  recursion 
theorems  for  computation  theories. 

-  (5^  theorem)  ct  For  each  m,n,  there  is  a  computable  function  such  that 
for  each  f  E  F  auid  Xi,. . .  ,Xm,yi,  •  •  •  jVn  €  C*: 

(/>  ®  1  >  •  •  •  >  ®m)  ^  Ff 

(/>  •  •  •  >  ®m))’(yi  >  •  •  •  j  Vn)  ~  ^  1  >  •  •  •  >  ®m»  yi  j  •  •  • » yn)  ~  X. 

and 

~  x)  ({5;^(/,  , . . . ,  X„,)}(yi , . . . ,  Pn)  ~  z) 

•  (Recursion  theorem)  ct  There  is  a  computable  function  R  such  that  for  f  €.  F 
and  Xi, . . .  ,Xn  €  C* 

RU)  e  F, 

{i?(/)}(xi,...,x„)  ~  Z  {/}(R(/),Xi,...,Xn)  --  z 
and 

({/}(-^(/)>^l>-*->^n)  ^  Z)  <  ({R(/)}(xi,...,Xn)  --  Z) 


^  Here  we  are  using  braces  to  denote  the  function  computed  by  a  code  following  Kleene. 
We  will  call  these  “Kleene  braces” .  This  is  in  contr£ist  to  our  usual  convention  of  using 
braces  simply  for  grouping.  Context  will  make  it  make  it  clear  which  usage  is  intended. 
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By  a  suitable  encoding  of  the  presentation,  many  recursion  theories  are  read¬ 
ily  transformed  into  computation  theories.  For  example,  the  partial  recursive 
functions  and  functionals  on  natural  numbers  become  a  computation  theory  by 
assigning  Godel  numbers  to  schemata  describing  functions  and  using  the  natu¬ 
ral  partial  ordering  implicit  in  the  inductive  definition  of  the  function  described 
by  the  schemata.  Prime  and  search  computability  over  an  abstract  structure 
(Moschovakis  [1969],  see  also  below)  are  examples  of  computations  theories. 

A  further  important  theorem  in  recursion  theory  is  the  normal  form  theorem. 
This  theorem  says  that  each  computable  function  can  be  computed  by  iterating 
some  function  from  an  “elementary”  class  of  functions  (with  additional  elementary 
operations  allowed  at  the  beginning  and  end  of  the  computation.)  One  version 
of  this  theorem  is  based  on  the  Kleene  T-predicate  for  partial  recursive  number 
functions  (Kleene  [1952]). 

■  (Normal  Form  theorem)  There  is  a  primitive  recursive  function  U  and  for  each 
n  a  primitive  recursive  predicate  Tn  such  that  for  each  n-ary  partial  recursive 
function  ^  there  is  number  c  such  that 

<f>{xi,...,xn)  ^  z  ^  U{fi{y)Tn{e,xi,...,Xn,y))  ~  z 

Here  fi  is  the  least  number  operator  -  for  any  predicate  ’3?,  /i(y)^(y)  is  least  y 
such  that  ^^(y)  and  /i(y)^(y)  is  undefined  if  no  such  y  exists.  The  proof  of  the 
normal  form  theorem  is  based  on  the  notion  of  stepwise  generation  of  a  com¬ 
putation  structure  which  when  complete  gives  the  value  computed.  For  example 
Tn{c,xi,...,Xn,y)  says  that  y  codes  a  completed  computation  of  {e}(zi, . . . ,  x„)  ~ 
z  for  some  z.  For  such  y,  U  extracts  the  value,  U{y)  =  z.  The  normal  form  the¬ 
orem  is  related  to  the  conversion  of  recursion  to  iteration-plus-stack  (y  playing 
the  role  of  stack)  and  hence  to  the  process  of  compiling.  It  says  that  “machine 
computations”  are  represented  by  a  fragment  of  the  given  theory  in  such  a  way 
that  all  computations  of  the  theory  are  represented  in  that  fragment. 

An  important  application  of  recursion  theory  is  the  notion  of  realizability  (see 
Kleene  [1952],  §82).  This  notion  was  introduced  in  order  to  prove  a  conjecture 
that  if  a  closed  formula  of  arithmetic  (Vx)(3y)A(x,  y)  is  intuitionistically  provable, 
say  in  Heyting  arithmetic,  then  there  is  a  general  recursive  function  <l>  such  that 
(Vx)  A(x,  <^(y)).  The  proof  of  the  conjecture  shows  how  to  obtain  a  numeric  code  for 
<f>  from  a  proof  of  (Vx)(3y)A(x,y).  The  code  is  called  a  realization  of  the  formula 
(Vx)(3y)A(x,y).  This  was  the  first  of  many  methods  developed  for  extracting 
‘programs’  from  proofs. 


42 


Background 


§1.5 


Remarks. 

•  Many  of  the  key  ideas  in  basic  recursion  theory  are  due  to  Kleene.  These 
include  the  above  theorems,  the  generalization  from  total  to  partial  functions,  rep¬ 
resentation  of  the  process  of  computation  as  one  of  generating  computation  trees, 
the  idea  of  coding  computation  structures  as  data,  and  the  notion  of  realizability. 

•  Our  formulation  of  a  computation  theory  is  based  on  that  of  Moschovakis 
[1971]  (see  also  Fenstad  [1980]).  The  notion  of  a  recursion  theory  is  a  “code-free” 
or  extensional  version  of  this  notion.  A  computation  theory  also  determines  a  class 
of  computable  functions  which  constitute  a  recursion  theory. 

•  The  5^  theorem  for  a  computation  theory  captures  the  essential  aspect  of 
returning  functions  as  values.  It  corresponds  closely  to  closure  formation  k  la 
Landin  (§4).  One  can  think  of  closure  formation  as  a  direct  implementation  of  the 

theorem. 

•  The  recursion  theorem  stated  for  a  recursive  function  theory  is  essentially 
Kleene’s  first  recursion  theorem  (Kleene  [1952]  Theorem  XXVI)  while  the  version 
stated  for  a  computation  theory  corresponds  to  Kleene’s  second  recursion  theorem 
(Kleene  [1952]  Theorem  XXVII).  The  distinction  is  that  first  recursion  theorem 
concerns  functions  as  fixed  points  of  computable  functionals  while  the  second  re¬ 
cursion  theorem  concerns  codes  describing  functions  zoid  solutions  to  equations 
expressed  in  terms  of  the  application  relation.  In  general  “minimality”  is  not  a 
meaningful  notion  for  codes.  Our  version  of  the  second  recursion  theorem  is  some¬ 
what  stronger  than  is  usually  stated,  although  in  practice  it  is  often  the  version 
that  is  proved. 

For  references  to  original  papers  and  a  history  of  the  development  of  the  main 
ideas  of  recursion  theory  see  Kleene  [1979].  For  further  reading  we  recommend 
Kleene  [1952],  Fenstad  [1980],  and  the  section  on  recursion  theory  in  Barwise 
[1977]. 

1.5.2.  Recursion  on  abstract  structures 

Moschovakis  [1969]  develops  a  recursion  theory  constructed  uniformly  over  a 
given  structure  (B,^)  with  given  domain  B  and  given  functions  <f>.  The  compu¬ 
tation  domain  B*  is  obtained  from  the  B  by  adding  a  new  element  (called  0)  and 
closing  under  pairing.^  0*  denotes  the  subset  of  B*  generated  from  0.  Numbers  are 


*  The  *  in  B*,  following  the  notation  of  Moschovakis,  is  not  to  be  confused  with  our 
normal  use  as  in  C*  to  denote  sequences  from  C. 
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represented  as  elements  of  0*.  A  computable  function  is  assigned  to  each  element 
of  B*  by  an  inductive  definition  of  the  application  relation 

~  z. 

As  in  our  description  of  a  computation  theory,  {e}(xi, . . . ,  Xn)  ~  2  means  that  the 
value  of  the  function  coded  by  e  at  the  sequence  xi, . . . ,  x„  is  z.  There  are  seven 
rules  that  generate  the  functions  on  primitive  recursive  in  The  remaining 
(8th)  rule  is  that  of  reflection 

{e}(xi,...,Xn)  ~  z  {<8,n  +  m  +  l,n>}(e,xi,...,x„,yi,...,i/,„) 

which  provides  for  the  interpretation  of  an  argument  as  a  code  and  is  the  key  to 
describing  general  recursions.  The  class  of  functions  computed  in  this  theory  are 
called  the  prime  computable  functions  over  the  given  structure 

Closure  under  composition,  substitution,  and  projections  and  the  and 
recursion  theorems  are  proved  by  giving  codes  for  the  corresponding  functionals 
as  functions  of  codes  for  the  parameter  functions.  Although  arbitrary  elements  of 
B*  may  appear  in  codes  the  ‘control’  information  is  coded  using  only  elements  of 
0*  and  equality  of  the  control  parts  of  codes  is  computable. 

The  presentation  of  this  theory  provides  not  only  a  recursion  theory,  but 
also  a  computation  theory.  The  inductive  definition  of  the  application  relation 
naturally  determines  a  set  of  codes  that  describe  computations.  In  addition  a  sub¬ 
computation  relation,  a  tree  structure  for  computations  and  a  process  for  carrying 
out  computations  can  be  derived  from  the  inductive  definition  of  the  application 
relation. 

The  Moschovakis  theory  as  presented,  is  not  adequate  for  a  theory  of  sym¬ 
bolic  computation.  The  principal  difficulties  are  the  choice  of  basic  computation 
primitives,  and  the  ability  (in  fact  necessity)  to  use  operations  on  codes  to  describe 
computations.  More  precisely 

•  the  representation  of  codes  as  “Godel”  numbers  in  0*  introduces  irrelevant 
detail.  It  is  the  operations  constructing  codes  that  are  important  for  defining 
the  application  relation  and  for  defining  operations  on  codes. 

•  computation  is  described  in  terms  of  codes  for  functions  rather  than  being 
given  in  terms  of  expressions  and  environments. 

■  the  choice  of  codes  and  computation  primitives  does  not  allow  extensional 
(code  independent)  representation  of  function  abstraction  or  of  control  struc¬ 
tures  such  as  combinators,  iterators,  loops,  etc. 

•  this  theory  cannot  admit  general  meaning  preserving  operations  since  in  par¬ 
ticular  equality  of  the  control  parts  of  codes  is  computable. 
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To  illustrate  the  final  point,  suppose  c  is  a  code  and  '  is  a  transformation  such 
mat  c'  computes  the  same  function  as  c.  Suppose  further  that 


if  c  =  c 
if  c  c 


and 


if  e  =  c' 
if  e  ^  c'. 


Then  the  function  computed  by  /  is  not  preserved  by  the  transformation 
Remarks 

•  The  class  of  functions  defined  by  systems  of  recursion  equations  over  a  given 
data  structure  (McCarthy  [1963b],  see  §2)  and  AE  (Landin  [1964],  §4)  are  also  re¬ 
cursion  theories  over  abstract  structures.  The  recursion  theoretic  aspects  of  these 
formulations  were  not  developed  as  the  interest  was  in  applications  to  program¬ 
ming,  programming  language  semantics  and  proving  properties  of  progrctms. 

•  Moschovakis  [1984]  (see  §VIII.3)  presents  a  recursion  theory  over  abstract 
structures  in  which  both  recursion  theoretic  and  computation  theoretic  aspects 
are  developed. 


1.5.3.  Extensional  models  of  the  lambda  calculus 

There  zre  now  well-developed  methods  of  constructing  mathematical  models 
of  the  lambda  calculus.  The  basic  ideas  derive  from  work  of  Scott.  (See  Barendregt 
[1981]  chapter  18  for  details  and  references).  The  general  construction  csm  be 
expressed  quite  simply  in  terms  of  complete  partial  orderings  (c.p.o.s).  Fix  a 
c.p.o.  <D,  C>  with  domain  D  and  partial  ordering  C.  Then  D  has  a  unique  least 
element  J.  (bottom)  and  if  X  is  a  non-empty  directed  subset  of  D  (every  pair  of 
elements  of  X  have  an  upper  bound  in  X)  then  X  has  a  least  upper  bound  UX 
in  D.  We  read  do  Q  di  as  do  is  less  defined  than  di.  There  is  a  natural  topology 
on  D  derived  from  the  partial  ordering  such  that  continuous  functions  are  those 
which  preserve  least  upper  bounds  of  directed  subsets  -  /(uX)  =  U/(X).  Let  U' 
be  the  space  of  continuous  functions  on  D.  A  key  fact  is  that  each  /  in  D'  has 
a  least  fixed  point  fix(/)  in  D.  (fix  is  in  fact  continuous.)  To  define  a  model  of 
the  lambda  calculus  it  is  sufficient  to  define  a  continuous  function  fun  from  D  to 
D'  and  a  continuous  function  graph  from  D'  to  D  such  that  fun(graph(/))  =  /. 
fun  interprets  element  of  D  as  codes  of  continuous  functions  and  graph  assigns 
to  each  continuous  function  a  code  in  D  that  computes  it.  Thus  there  is  a  natural 
binary  application  operation  on  D  given  by  do  o  di  =  {fun(do)}(di).  Using  the 
graph  and  fun  functions  the  applicative  structure  <D,o>  can  be  considered  as 
a  model  of  the  lambda  calculus.  If  it  is  also  the  case  that  graph(fun(d))  =  d 
then  the  model  is  extensional  -  two  elements  code  the  same  function  iff"  they  are 
identical. 
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Two  important  examples  are  the  Doo  model  (due  to  Scott)  and  the  graph 
model  Pu  (due  independently  to  Plotkin  and  Scott).  For  the  graph  model  D 
is  the  power  set  of  the  set  of  natural  numbers  Pu  pzu'tially  ordered  by  subset 
inclusion.  This  model  also  satisfies  d  C  graph(fun(d))  jmd  thus  two  elements  in 
the  image  of  graph  code  the  same  function  only  if  they  are  equal. 

The  use  of  the  graph  model  to  provide  semantics  for  AE-like  languages  is 
worked  out  in  detail  in  Scott  [1976].  A  language  LAMBDA  is  defined  for  de¬ 
scribing  computable  functions  on  D.^  Each  LAMBDA  expression  c  is  given  an 
interpretation  as  an  element  in  D  for  each  assignment  of  the  free  variables  in  e 
to  elements  of  D.  Many  equations  and  theorems  about  LAMBDA  computable 
functions  are  proved.  In  addition  to  the  usual  laws  of  the  lambda  calculus  the 
laws  of  extensionality  (^)  and  (^*)  hold  in  this  model. 

(0  (Vx)(co  =  Cl)  A(x)co  =  A(a:)ci 


and 

(^*)  (Vx)(eo  E  Cl)  A(x)co  E  A(x)ei. 

The  closure  conditions  for  recursion  theories  are  realized  by  LAMBDA  computable 
functionals  in  a  uniform  manner.  The  recursion  theorem  in  this  model  says  that  the 
combinator  Y  computes  the  lecist  fixed  point  on  graphs  of  continuous  functionals. 

(Y.fix)  f  €  F  A  d  =  graph(/)  -+  Y(d)  =  fix(/) 

Extensionality  provides  an  important  principle  for  proving  LAMBDA  equations 
and  the  recursion  theorem  provides  an  induction  principle  for  proving  properties 
of  LAMBDA  computable  functions. 

The  graph  model  provides  a  rich  equational  theory  for  LAMBDA,  however  it 
does  not  provide  an  interpretation  of  expressions  as  descriptions  of  computation, 
and  the  only  equivalence  relation  is  the  (fully  extensional)  equivalence  of  equality 
as  functions. 


*  LAMBDA  is  AE  with  numbers,  the  arithmetic  operations  <-|-l,  — 1>  and  a  conditional 
operation  as  the  given  primitives. 
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1.5.4.  Non-extensional  theories  of  partial  operations 

Feferman  [1975]  describes  the  construction  of  a  theory  T  of  partial  opera¬ 
tions  from  a  given  theory  T  containing  a  minimal  amount  of  coding  power.  Here 
“theory”  means  a  language  L,  (constant,  function,  and  relation  symbols),  a  seman¬ 
tics  (logical  operations  and  their  interpretation  in  a  class  of  models  -  for  example 
first-order  logic),  and  a  set  of  axioms.  The  goal  of  this  work  was  to  find  “conser¬ 
vative  extensions”  of  stemdard  theories  in  which  to  formalize  fragments  of  current 
mathematics,  and  in  particular  to  provide  natural  means  of  defining  the  required 
functions  ajid  classes  without  introducing  unneeded  power.  The  key  problems 
have  to  do  with  extensionality  (abandoned  by  Feferman),  and  the  ability  to  define 
function  classes  and  power  classes.  The  idea  of  the  construction  is  to  add  a  new 
ternary  relation  symbol  ~  to  L  (for  partial  function  application)  and  use  the  cod¬ 
ing  power  to  represent  function  descriptions  as  codes.  Axioms  characterizing  the 
application  relation  are  added  to  the  initial  set  of  axioms.  The  unicity  axiom  (U) 
for 

(U)  /(x)  ~  yo  A  /(x)  --  yi  yo  =  yi 

expresses  that  the  application  relation  is  a  partial  function.  A  function  com¬ 
prehension  principle  (C*)  is  added  for  each  formula  $  monotonic  in  (C«>) 
characterizes  the  function  defined  by  $. 

(Vzi,...,Zn)((3/)(A(x)t(y)$(x,y,2i,...,Zn)  ~  /)  A 
(C«)  (Vx)(3!y)$(x,y,zi,...,zn)  -»  (3y)/x~yA 

(Vx,y)(/x~y  -4  $(x,y,zi,...,Zn))) 

Here  it  is  assumed  that  the  free  veu'iables  of  $  are  among  {x, y, zi, . . . , Zn}. 

i(y)$(x,y,zi,...,z„) 

is  read  “the  y  such  that  $(x,  y,  zi , . . . ,  Zn)” . 

A(xi , . . . ,  Zn)  A(x)  t(y)  $(x,  y,  Zx , . . . ,  Xn) 

denotes  the  closed  term  encoding  the  formula  $,  with  the  list  (x,y,zi, . . .  ,Zn) 
fixing  an  order  for  the  free  variables  of  $. 

A(zt+i, . . .  j  ^n) A(x)fc(y)$(x, y, Zx , . . . , Zn) 


■*  is  monotonic  in  ~  means  that  in  any  model,  the  set  of  elements  satisfying  $  is  a 
monotonic  function  of  the  interpretation  of  ~. 
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abbreviates 


{A(2;i  , . . . ,  «„)  A(x)<.(y)$(x,  y,  zi , . . . ,  2n)}(^i 

To  prove  that  T  is  a  conservative  extension  of  T,  Feferman  gives  a  method 
for  constructing  a  model  of  T  from  each  model  of  T.  Partial  instantiations  are 
interpreted  by  closure  like  objects.  If  /$  is  the  interpretation  of  the  term 

A(zi, . . . ,  z„)  A(x)t(y)$(x,  y,  2i , . . . ,  Zn) 

and  ay  interprets  zy  then  the  tuple  </*,ai,...,a,>  is  the  interpretation  of 

A(z,+i, . . . ,  Zn)A(x)t(y)$(x,  y,  zi , . . . ,  Zn). 

Monotonicity  of  $  allows  successive  approximations  of  ~  to  be  constructed  begin¬ 
ning  with  triples  .  ■,an>,o.,b>  such  that  $  has  no  occurrences  of  ~ 

and  $(o,  6,  ax , ,  a,i)  holds.  The  extended  model  is  the  limit  of  these  approxima¬ 
tions  (iterated  along  the  ordinals).  The  usual  combinators  k,s  are  definable  and  a 
recursion  theorem  is  provable  in  the  extended  theory.  Thus  the  extended  theory 
naturally  provides  the  functions  lambda-definable  from  the  given  functions. 

In  contrast  to  Scott’s  models,  there  is  for  T  a  non-extensionality  theorem. 
Namely,  it  is  inconsistent  to  assert  that  any  two  terms  that  code  the  same  total 
function  are  equal. 

(non.ext)  f  h  ->{'^f,g){Tot{f)  A/i=s;y-^/  =  y) 

where  Tot{f)  abbreviates  (Vx)(3y)(/x  ~  y),  expressing  that  /  codes  a  total  func¬ 
tion  and  /  »  y  abbreviates  (Vx,y)(/x  y  ^  gx  ^  y)  expressing  that  /  and  g  code 
the  same  function.  Although  extensionality  and  the  notion  of  least  fibced  point  are 
lost,  the  expressive  power  of  classical  logic  (in  particular  negation)  is  maintained. 
Also,  Feferman  shows  how  to  form  further  extensions  providing  a  form  of  inductive 
definitions  and  notions  of  partial  class,  thus  further  enriching  the  theory  for  the 
purpose  of  formalizing  parts  of  mathematics. 

Leaving  out  the  requirement  of  extensionality  makes  a  conservative  exten¬ 
sion  within  the  usual  logical  framework  possible.  However,  no  positive  use  of 
intensionality  is  made.  Indeed,  in  ordinary  mathematical  practice,  (the  intended 
application)  one  is  rarely  if  ever  interested  in  the  manner  in  which  a  function  is 
computed,  but  rather  in  being  able  to  prove  properties  relating  argument- value 
pairs  and  in  defining  additional  functions  having  given  properties. 

In  Feferman’s  recursion  theory  it  is  possible  to  test  for  equality  of  codes. 
This  is  a  key  point  in  the  proof  of  (non.ext)  and  for  our  purpose  a  principal 
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difficulty  with  this  formulation.  The  other  key  point  in  the  proof  is  the  uniform 
parameterization  of  descriptions  -  the  direct  implementation  of  the  theorem. 
The  proof  shows  that  these  two  features  combined  other  minimal  requirements 
are  incompatible  with  extensionality.  Note  that  the  Moschovakis  construction  of  a 
recursion  theory  over  an  abstract  structure  has  the  two  essential  features  required 
for  the  non-extensionality  theorem. 


1.6.  Towards  a  theory  of  symbolic  computation 


1.6.1.  Summary 

In  this  chapter  we  have  examined  a  variety  of  aspects  of  symbolic  computa¬ 
tion,  including  the  use  of  symbolic  expressions  to  describe  computation,  the  use  of 
functional  and  control  abstractions  as  programming  tools,  and  the  use  of  program 
treinsformations  as  a  tool  for  constructing  and  reasoning  about  programs.  In  ad¬ 
dition  we  discussed  a  variety  of  interpretations  and  applications  of  the  language 
AE  and  key  properties  of  structures  modeling  application  and  abstraction. 

■  Many  of  the  programming  examples  can  be  directly  expressed  as  AE  programs 
and  there  is  a  rich  literature  on  prograunming  in  languages  like  AE  and  its 
extensions. 

•  Program  transformations  were  used  informally  to  obtain  definitional  inter¬ 
preters  with  alternative  control  structures  and  alternative  semantic  domains. 
Systems  of  formal  transformation  rules  were  used  to  derive  programs  with 
improved  efficiency.  Operations  transforming  intensional  properties  into  ex- 
tensional  properties  were  used  to  analyze  efficiency  improving  transformations 
and  to  represent  other  intensional  properties  of  programs. 

■  Expressions  of  the  language  AE  were  interpreted  as  describing  computa¬ 
tions  (Landin’s  SECD  machine),  as  the  language  for  an  equational  calculus 
(Plotkin’s  lambda-v  calculus),  and  as  defining  functions  (the  graph  model). 
Each  of  these  interpretations  provides  a  natural  equivalence  relation  on  ex¬ 
pressions,  addressing  the  general  question  of  when  it  is  meaningful  to  call  two 
expressions  the  same.  Operational  equivalence  (Plotkin)  means  being  inter¬ 
changeable  in  any  program  context  without  changing  the  operational  meaning 
of  the  resulting  program  (as  given  by  the  SECD  machine).  Lambda-v  equiv¬ 
alence  means  provably  equivalent  in  the  lambda-v  calculus.  Denotational 
equivalence  means  having  the  same  denotation  in  the  graph  model. 

•  Two  important  fragments  of  AE  were  presented.  One  is  the  first-order  frag¬ 
ment  in  which  programs  are  given  by  systems  of  recursion  equations  and  can 
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be  directly  interpreted  as  partial  recursive  functions  on  the  given  data  struc¬ 
ture.  The  second  is  the  continuation-peissing  fragment  in  which  control  is 
made  explicit  and  which  can  be  viewed  as  representing  an  abstract  machine. 

■  The  use  of  AE  as  a  meta-programming  language  to  define  semantic  meaning 
functions  for  general  programming  languages  was  also  discussed.  This  includes 
Scott-Strachey  semantics,  extensions  based  on  ideas  of  Morris  and  Wadsworth 
and  Reynold’s  definitional  interpreters. 

•  Recursion  theories  over  abstract  structures  (Moschovakis)  and  theories  of 
partial  functions  and  classes  (Feferman)  illustrate  methods  for  uniform  con¬ 
structions  of  applicative  structures  over  given  abstract  structures  or  theories. 
The  construction  of  recursion  theories  serves  as  a  paradigm  for  construc¬ 
tion  of  structures  with  computational  content  as  well.  The  proof  of  the  non- 
extensionality  theorem  for  theories  of  partial  functions  and  classes  identifies 
problematic  combinations  of  requirements  for  such  structures  -  in  particular 
the  conflict  between  extensionality  and  the  general  ability  to  test  for  equality. 

1.6.2.  Symbolic  computation  systems 

The  reader  may  by  now  have  accused  us  of  “arguing  from  both  sides  of  the 
mouth” .  On  the  one  side  we  have  said  that  two  important  features  of  Lisp  are  that 
programs  are  represented  as  data  structures  and  that  it  is  easy  to  write  programs 
that  operate  on  other  programs.  On  the  other  side  we  have  criticized  recursion 
theories  such  as  those  of  Moschovakis  and  Feferman  for  providing  such  capability. 

The  time  has  come  to  resolve  this  apparent  inconsistency.  In  an  underlying 
model  of  computation  it  is  important  to  maintain  the  separation  of  the  meaning 
of  expressions  from  their  representation  as  data  and  from  the  meaning  given  to 
the  data  operations.  We  call  this  separation  of  control  and  data.  This  separa¬ 
tion  is  a  form  of  abstreiction  that  allows  us  to  formulate  and  prove  properties  of 
programs  and  to  define  and  study  general  operations  on  programs  in  a  manner  in¬ 
dependent  of  the  underlying  data  structure  and  of  the  representation  of  programs. 
Separation  of  control  and  data  is  also  crucial  for  the  purpose  of  defining  mean¬ 
ingful  equivalence  relations  on  expressions  and  for  defining  transformations  that 
preserve  such  equivalences.  In  contrast  to  a  mathematical  model  of  computation, 
a  symbolic  computation  system  such  as  Lisp  is  a  dynamic,  interactive  system.  It 
is  essential  for  such  a  system  to  provide  a  mechanism  for  dynamic  extension  and 
tools  for  system  building.  This  means  being  able  to  “discuss”  the  data  structures 
used  to  represent  computation  and  to  “use”  these  structures  within  the  same  for¬ 
malism.  Thus  programs  and  other  components  of  the  computation  state  must  be 
represented  as  data. 
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In  order  to  make  clear  the  context  in  which  the  work  on  Zum  is  to  be  viewed 
and  to  show  how  we  can  have  our  cake  and  eat  it  too,  we  propose  the  notion  of  a 
symbolic  computation  system.  The  main  components  of  such  a  system  are: 

.  an  underlying  model  of  computation  providing 

-  a  computation  domain 

-  symbolic  descriptions  of  computation 

-  structures  for  representing  computations 

-  rules  for  carrying  out  computations; 

•  an  encoding  of  the  model  in  a  computation  theory  over  a  data  structure  (such 
as  the  S-expressions)  so  that 

-  objects  of  the  model  are  represented  as  data 

-  operations  and  rules  for  computation  are  represented  by  computable  func¬ 
tions;  and 

■  reflection  principles  that  provide  for 

-  conversion  of  computation  state  and  descriptions  into  data 

-  conversion  of  data  into  computation  state  and  descriptions. 

1.6.3.  Goals 

Zum  is  a  step  towards  the  goals  for  a  mathematical  theory  of  computation 
given  by  McCarthy  [1963b].  The  main  goal  of  Zum  is  to  provide  an  intensional, 
computationally  meaningful  interpretation  of  applicative  expressions  without  pro¬ 
hibiting  an  extensional  interpretation,  and  further  to  derive  extensional  interpre¬ 
tations  from  the  basic  computational  interpretation.  We  want  to  represent  proper¬ 
ties  of  programs  ranging  from  details  of  the  computations  described  to  properties 
of  the  functions  computed;  to  represent  naturally  a  variety  of  styles  of  program¬ 
ming;  and  to  build  on  and  extend  existing  work  in  logic,  semantics,  and  program 
transformations.  The  main  application  is  to  express  and  prove  properties  of  par¬ 
ticular  programs  and  classes  of  programs  (functionals)  and  to  study  mathematical 
properties  of  computation  mechanisms.  The  point  is  to  provide  tools  both  for  pro¬ 
gramming  and  for  the  design  of  programming  systems.  These  are  rather  different 
goals  than  those  of  work  in  logic  establishing  theories  to  account  for  mathematical 
practice.  To  make  the  distinction  clearer  the  following  summary  compares  and 
contrasts  some  of  the  general  goals  for  work  in  foundations  of  mathematics  and 
computing. 
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Goals  for  foundations  of  mathematics 

•  to  account  for  practice  -  to  provide  precise  definitions  of  informal  concepts  so 
that  formal  proofs  can  be  carried  out 

•  to  isolate  underlying  principles  for  definition  and  proof  and  to  determine  what 
principles  are  needed  for  what  parts  of  mathematics 

-  to  isolate  the  proof  theoretic  strength  of  various  fragments  of  mathematics 

Goals  for  foundations  of  computing 

■  to  account  for  practice  -  to  provide  precise  definitions  of  informal  concepts  so 
that  formal  proofs  can  be  carried  out 

■  to  improve  practice  -  having  a  clear  mathematical  theory  is  important  for 
maiking  design  decisions  at  all  levels. 

-  an  understanding  of  the  mathematical  properties  of  computation  mecha¬ 
nisms  and  of  operations  combining  various  mechanisms  is  a  valuable  tool 
for  writing,  debugging,  and  verifying  programs. 

-  an  understanding  of  the  mathematical  consequences  of  combinations  of 
computation  mechanisms  and  of  choices  of  computation  structures  and 
their  representation  is  important  for  the  design  and  implementation  of 
programming  systems. 

1.6.4.  About  Hum 

Rum  provides  a  model  of  the  applicative  aspects  of  computation  over  gener¬ 
alized  algebraic  data  structures.  Thus  it  is  (a  fragment  of)  an  underlying  model 
of  computation  for  a  symbolic  computation  system.  Implicit  in  the  presentation 
of  Rum  is  a  natural  encoding  in  the  S-expression  data  structure.  Addition  of 
reflection  principles  will  be  discussed  in  §VIII.4. 

1.6.4. 1.  Building  on  existing  work 

Rum  is  a  further  development  of  the  work  started  by  Landin  [1964,1965,1966]. 
The  basic  approach  is  to  view  computation  as  a  process  of  generating  structures 
such  as  computation  trees  or  sequences.  This  is  a  variation  on  the  information 
structure  approach  of  Wegner  [1971].  The  language  for  describing  computation  is 
AE  extended  by  primitives  for  conditional  and  manipulation  of  sequences.  Like 
AE,  definitions  are  parameterized  uniformly  by  a  given  data  structure.  The  syntac¬ 
tic  and  semantic  domains  are  abstract  algebraic  structures  similar  to  those  used  by 
Reynolds  [1972]  for  the  first-order  definitional  interpreters.  The  difference  is  that 
computation  rules  are  interpreted  as  rules  for  generating  computation  structures 
rather  than  as  simply  defining  an  evaluation  relation.  We  go  beyond  existing  work 
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in  developing  mathematical  properties  of  computations  and  proving  properties  of 
programs. 

Rum  is  a  “code-free”  computation  theory  thus  combining  the  extensional  ad¬ 
vantages  of  a  recursion  theory  and  the  intensional  advantages  of  a  computation 
theory.  In  this  light,  Rum  can  be  seen  as  a  modification  and  elaboration  of  the 
construction  of  recursion  theories  over  abstract  structures  given  by  Moschovakis 
[1969].  The  main  modifications  are 

-  construction  of  is  replaced  by  construction  of  an  abstract  algebraic  struc¬ 
ture  with  purely  syntactic  entities  (expressions  li  la  AE).  Values  are  con¬ 
structed  uniformly  from  the  expressions  and  the  data  and  operations  of  the 
given  abstract  structure. 

-  reflection  is  replaced  by  abstraction  (closure  formation)  and  application 

-  operations  on  codes  are  not  provided  as  computation  primitives  -  they  are  no 
longer  needed 

-  the  inductive  definition  of  an  application  relation  is  replaced  by  a  set  of  com¬ 
putation  rules  that  serve  as  rules  for  generating  computation  trees  and  to 
present  the  definition  of  an  evaluation  relation  defining  the  value  of  an  ex¬ 
pression  in  an  environment 

The  induction  principle  and  equations  of  Scott  are  obtained  by  defining  an 
approximation  relation  on  the  computation  domain,  derived  from  the  evaluation 
relation,  which  hais  the  essential  properties  of  C. 

I.6.4.2.  The  multitude  of  basic  notions 

The  broad  scope  of  Rum  is  essential  for  achieving  the  basic  goals  of  a  math¬ 
ematical  theory  of  computation.  This  entails  developing  a  more  complex  theory 
than  required  for  typical  logical  applications.  In  particular  there  are  a  variety  of 
basic  notions.  (Even  so  Rum  has  a  small  number  of  primitives  compared  to  prac¬ 
tical  programrmng  systems!)  Below  we  indicate  briefly  the  main  notions  and  the 
need  for  introducing  them  in  accordance  with  the  goals  outlined  above.  Further  re¬ 
marks  about  our  choice  of  basic  notions  will  be  found  throughout  the  presentation 
and  also  in  §VIII.2. 

There  are  both  syntactic  and  semantic  domains  in  the  Rum  world.  The  se¬ 
mantic  domains  include  both  the  computation  domain  and  computation  struc¬ 
tures.  The  syntactic  domain  (forms)  provides  the  ability  to  treat  programs  as 
data  (objects  to  operate  on)  by  providing  primitive  operations  that  characterize 
the  structure  of  programs  and  from  which  general  operations  can  be  defined.  Se¬ 
mantic  domains  are  needed  in  order  to  assign  meanings  to  programs.  Having  both 
a  syntactic  domain  and  a  variety  of  semantic  domains  is  needed  in  order  to  define 
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operations  on  programs  such  as  compiling,  transforming,  deriving,  and  construct¬ 
ing;  to  talk  about  the  effects  of  these  operations  on  the  computations  described; 
and  to  say  what  is  changed  and  what  is  preserved. 

The  computation  domain  provides  the  basic  objects  used  to  assign  operational 
and  extensional  meanings  to  programs.  It  contains  data  and  operations  from  the 
given  data  structure,  function  abstractions  {pfns),  and  control  abstractions  {con¬ 
tinuations).  Function  and  control  abstractions  are  needed  to  represent  naturally 
the  variety  of  computation  mechanisms  that  we  wish  to  treat.  Function  and  con¬ 
trol  abstractions  are  distinct  from  data.  This  provides  the  necessary  separation  of 
control  and  data  that  allows  both  intensional  and  extensional  interpretations  of 
programs.  (Clearly,  one  does  not  want  to  prohibit  the  testing  of  equality  between 
data  items.) 

There  are  three  central  notions  for  assigning  intensional  meaning  to  programs: 
descriptions,  computation  rules,  and  computation  structures.  Descriptions  corre¬ 
spond  to  programs  plus  input.  They  are  finite  objects  that  contain  information 
about  how  a  particular  computation  is  to  be  carried  out.  Computation  is  car¬ 
ried  out  by  generating  computation  structures  according  to  the  computation  rules. 
These  structures  provide  the  intensional  interpretation  of  programs.  Computation 
structures  may  be  infinite,  since  computations  may  not  terminate. 

There  are  two  basic  computation  structures  -  trees  and  sequences.  Tree- 
structured  computation  provides  for  natural  treatment  of  context  independent 
computation  mechanisms.  Sequential  computation  provides  for  treatment  of  mech¬ 
anisms  such  as  escape  and  co-routining.  Although  sequential  computations  contain 
the  tree-structured  computations  as  a  subset,  it  is  important  to  develop  the  tree 
structured  fragment  separately.  The  latter  has  a  much  simpler  and  richer  math¬ 
ematical  theory.  Furthermore,  context  dependence  in  sequential  computations  is 
often  localized  and  such  computations  can  be  treated  essentially  as  tree-structured 
computations. 

The  computation  rules  are  also  interpreted  as  definitions  of  computation  re¬ 
lations  on  descriptions.  These  relations  provide  a  means  of  expressing  extensional 
properties  and  of  proving  extensional  properties  by  operational  reasoning. 
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This  chapter  is  an  informal  introduction  to  Rum.  The  main  concepts  are  il¬ 
lustrated  by  simple  examples  based  on  the  problem  of  computing  the  product  of 
numbers  occurring  at  the  leaves  of  a  number  tree.  We  begin  with  a  recursive  defi¬ 
nition  of  the  tree  product  function  and  then  consider  the  problem  of  describing  the 
computation  in  such  a  way  that  if  a  zero  is  encountered,  it  is  returned  as  the  value 
immediately  without  processing  the  remainder  of  the  number  tree.  The  examples 
illustrate  the  use  of  functional  and  control  abstractions  to  describe  coinputation; 
the  process  of  generating  computation  trees  and  sequences;  and  properties  of  com¬ 
putations  that  can  be  read  off  completed  computation  structures  or  derived  from 
the  rules  for  generating  computation  structures.  Equations  satisfied  by  function 
and  control  abstractions  are  illustrated  and  we  show  how  program  transformation 
methods  can  be  applied  in  situations  where  computations  involve  the  generation 
and  application  of  functional  and  control  abstractions. 

Rum  notation  will  be  used  informally  to  present  the  examples  with  enough 
explanation,  we  hope,  so  that  the  reader  can  understand  the  particular  cases,  and 
also  get  some  idea  of  the  general  concepts.  Formal  definitions  will  be  given  in  the 
following  chapters. 

First  a  brief  tour  of  the  objects  in  the  Rum  world.  A  data  domain  and  data 
operations  are  assumed  given.  Programs  are  expressions  called  forms.  They  are 
generated  by  constructions  corresponding  to  the  computation  primitives  in  much 
the  same  way  that  well-formed  formulas  are  generated  by  constructions  corre¬ 
sponding  to  logical  connectives.  There  are  computation  rules  for  each  compu¬ 
tation  primitive  (like  deduction  rules).  To  describe  a  particular  computation,  a 
form  is  closed  in  an  environment  that  binds  values  to  the  free  symbols.  We  call 
this  closure  a  dtree  or  description  tree  to  emphcisize  the  relation  between  the  tree 
structure  of  a  form  and  that  of  the  local  structure  of  the  computation  described 
by  the  form.  In  addition  to  data,  the  computation  domain  contains  pfns  and  con¬ 
tinuations.  Pfns  are  functional  abstractions.  They  can  be  thought  of  as  partial 
functions  containing  information  describing  how  the  value  of  the  function  is  to  be 
computed.  This  information  consists  of  a  symbol  naming  the  argument,  the  pfn 
body  -  a  form  describing  the  computation,  and  the  pfn  environment  -  assigning 
values  to  the  free  symbols  of  the  pfn  body  other  than  the  argument  symbol.  Con¬ 
tinuations  are  control  abstractions.  They  represent  computation  contexts  built  up 
in  the  process  of  carrying  out  computations.  A  computation  context  contains  the 
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information  describing  how  the  computation  is  to  continue  when  the  current  sub¬ 
computation  returns  a  value.  As  objects  of  the  computation  domain  they  provide 
a  means  of  remembering  and  switching  contexts,  and  of  suspending  and  resuming 
computations. 

For  this  chapter  we  fix  the  data  domain  to  be  the  S-expression  domain  built 
from  atomic  objects  by  pairing,  where  the  set  of  atomic  objects  includes  numbers. 
Number  trees  are  those  S-expressions  built  up  from  numbers.  Thus  a  number 
tree  c  is  either  a  number,  or  a  pair  of  number  trees  cq  •  ei.  For  example,  2  and 
(2  •  3)  •  4  are  number  trees.  We  will  use  n,  no,  . . .,  to  stand  for  numbers  and  e, 
Co,  . . .,  to  stand  for  number  trees.  The  given  operations  on  S-expressions  include 
(using  Lisp  names  )  pairing  and  projection  (Cons,  Car,  Cdr);  tests  for  atoms  and 
zero  (Atom,  ZeroP);  and  addition  and  multiplication  (-1-,  *). 


II.l.  Simple  recursive  computation  of  the  tree  product  function 

The  tree  product  function  7r(c)  is  defined  by  induction  on  number  trees. 

.  .  _  r  e  if  c  is  an  atom 

~  \  7r(co)  *  ^(«i)  if  e  =  Co  •  Cl 

For  example,  7r((2  •  3)  •  4)  =  2  *  3  *  4.  A  direct  analog  to  this  definition  is  the 
recursive  definition  of  the  pfn  Tprod. 

>  Tprod(x)  lf(Atom(x),x,  Tprod(Car(x))  *  Tprod(Cdr(x))) 

This  definition  can  be  interpreted  as  a  recursive  definition  in  the  usual  way.  To 
compute  Tprod 'c,  (read  “Tprod  applied  to  c”),  first  compute  Atomic.  If  true 
return  c,  otherwise  compute  Tprod 'Car(e)  and  Tprod 'Cdr(e)  (using  the  definition 
of  T prod  recursively)  and  then  multiply  the  results. 

The  expression  “Tprod 'e”  denotes  a  dtree  -  essentially  the  body  of  the  pfn 
T prod  closed  in  an  environment  binding  the  pfn  T prod  to  the  symbol  T prod  and 
binding  c  to  the  argument  symbol  x.  The  sign  *  is  used  to  distinguish  between 
the  dtree  describing  the  computation  of  T prod  applied  to  a  number  tree  and  the 
resulting  value,  for  which  we  use  the  usual  notation  Tprod (c).  We  use  identifiers 
such  as  Car  and  Tprod  (beginning  with  upper  case  letters)  both  to  denote  symbols 
and  to  denote  the  value  we  have  assigned  to  that  symbol.  Values  are  assigned 
either  as  the  name  of  a  data  operation  as  for  Car  or  by  a  definition  such  as  that 
given  above  for  T prod.  Such  symbols  are  said  to  be  globally  defined.  Context  will 
make  it  clear  whether  we  are  referring  to  the  symbol  or  its  value. 
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TT.1.1.  Generating  a  computation  tree 

The  rules  for  computation  axe  more  than  just  rules  for  computing  a  value, 
they  are  also  rules  for  generating  computation  trees.  The  value  and  much  more 
information  can  be  read  off  a  completed  computation  tree.  As  an  example  we  gen¬ 
erate  the  computation  tree  for  Tprod'{2  •  0).  The  initial  stage,  Figure  1  (Stage  0), 
is  a  tree  with  a  single  node  labeled  by  the  description  of  the  computation  to  be 
carried  out  -  Tprod'(2  •  0).  This  describes  the  computation  of  the  pfn  body  in 
an  environment  binding  2  •  0  to  x  (we  omit  explicit  mention  of  globally  defined 
symbols  such  as  Tprod). 

(lf(Atom(x),x,Tprod(Car(x))  *  Tprod(Cdr(x)))  I  x-<-2  •  0) 

Below  the  initial  node  we  add  a  node  labeled  by  the  description  of  test  Atom  '(2  • 
0).  This  is  a  primitive  computation  that  returns  the  empty  sequence  □  -  our 
representation  of  false.  This  is  indicated  by  adding  ^  o  to  the  label  at  the  test 
node.  Thus  we  have  the  situation  shown  in  Figure  1  (Stage  1).  Since  the  test 
returned  false,  the  else  branch  is  selected.  A  second  node  is  added  below  the 
initial  node  zuid  labeled  i>app- 

?>app  =  {Tprod(Car(x))  *  Tprod(Cdr(x))  I  x-«-2  •  0) 

This  is  shown  in  Figure  1  (Stage  2).  The  sign  labeling  the  arc  from  the  initial 
node  to  the  else  node  is  the  reduces-to  sign  and  signifies  that  the  value  of  the 
parent  node  is  the  value  of  the  else  subcomputation. 


•  Tprod '(2  •  0) 

T prod '(2  •  0) 

prod  '(2  •  0) 

•<Atom  \2  •  0) 

iTAtom  '(2  •  0)  >  t)app 

c— ►  □ 

Stage  0 

Stage  1 

Stage  2 

Figure  1. 

Initial  stages  in  the  computation  of  T prod  '(2  •  0) 
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Below  the  ?>app  node  we  add  a  node  labeled  by  *  -  the  function  to  be  applied, 
and  a  node  labeled  by  Harg  which  describes  the  computation  of  the  argument 
sequence. 

®arg  =  ([Tprod(Car(x)),Tprod(Cdr(x))]  I  x-<-2  *0) 

Below  the  I>arg  node  we  generate  the  computation  trees  for  Tprod'2  and  Tprod'O. 
These  trees  may  be  generated  in  any  order.  That  is,  at  each  stage  an  extension 
C£m  be  made  at  any  node  at  which  a  subcomputation  can  be  started  or  a  value 
returned.  The  value  at  the  I>arg  node  is  the  sequence  of  values  returned  by  its  two 
subcomputations.  This  is  shown  in  Figure2  (Stage  3).  Now  we  add  a  third  node 
below  the  t>app  node  labeled  by  *'[2,0]  -  the  actual  application  of  the  function 
to  the  argument.  This  primitive  computation  returns  the  value  0.  We  have  now 
reached  the  stage  shown  in  Figure  2  (Stage  4). 


At  this  point,  the  computation  is  essentially  complete,  since  there  is  a  chain  of 
branches  from  the  initial  node  to  the  node  labeled  *  '[2, 0]  0.  What  remains 

is  to  add  value  labels  to  the  nodes  along  this  chain.  The  complete  tree  is  shown 
in  Figures. 

We  can  now  elaborate  the  remark  that  T prod  corresponds  directly  to  the  in¬ 
ductive  definition  of  tt.  For  inductive  definitions  of  the  kind  given  for  tt  there  is,  for 
each  tuple  in  the  defined  relation,  a  unique  derivation  tree  for  that  tuple  obtained 
by  using  the  clauses  of  the  definition  as  derivation  rules.  The  correspondence  of 
Tprod  and  tt  is  that  the  derivation  tree  for  ir{e)  =  n  has  the  same  structure  as  the 
computation  tree  for  Tprod 'e  n. 
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II.1.2.  Properties  of  Tprod 

From  the  completed  computation  tree  for  Tprod  ^(2  •  0)  we  can  read  off  the 
following  information 

Tprod  ^(2  •  0)  0 

X  T prod  applied  to  2  •  0  returns  value  0 
Tprod '2  ^  Tprod '(2  •  0) 

%  T prod '  2  is  a  subcomputation  of  T prod  '(2  •  0) 

Tprod '(2  •  0)  >¥~  *^[2,0] 

%  computation  of  T prod  '{2  •  0)  reduces  to  computation  of  *  '[2, 0] 
count  (Tprod  ^(2  •  0),  {Car,  Cdr})  =  2 

%  Car  and  Cdr  are  applied  two  times  in  the  computation  of  T prod '(2  •  0) 
count  (Tprod '(2  •  0),  *)  =  1 

%  *  is  applied  once  in  the  computation  of  T prod  '{2  •  0) 

The  sign  X  flags  remarks  within  formulas.  ^  is  the  evaluation  relation.  In  general 
D  o  means  that  the  computation  described  by  H  returns  the  value  v.  The 
evaluation  relation  can  be  used  to  define  the  function  computed  by  a  pfn.  -<  is 
the  subcomputation  relation.  Do  ^  means  that  the  computation  described  by 
Do  is  a  subcomputation  (a  subtree)  of  the  computation  described  by  D.  is  the 
“reduces-to”  relation  which  characterizes  the  main  subcomputation  in  the  case 
of  conditional  and  application.  The  point  is  that  to  carry  out  the  computation, 
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one  could  simply  replace  the  parent  conditional  or  application  node  by  its  main 
subcomputation  once  this  is  determined.^  is  analogous  to  “goto”  while  -<  is 
analogous  to  “procedure  call”.  For  a  finite  set  of  data  operations  O,  eount{(),0) 
is  the  number  of  applications  of  operations  in  O  in  the  computation  of  5.  For 
computation  trees,  counti^,  O)  is  the  number  of  nodes  in  the  computation  tree  for 
d  labeled  by  o  '  d  for  some  o  in  O  and  some  argument  sequence  d. 

Using  the  definition  of  Tprod,  the  rules  for  computation,  and  induction  on 
number  trees  the  following  general  facts  can  be  derived. 

Tprod  ^  ?r(c)  X  T prod  computes  the  tree  product  function 

«o  <Bexp  e  Tprod' Co  ^  Tprod 'c 

count  (Tprod '  c,  *)  =  cells{e) 

count  (Tprod 'c,  {Car,  Cdr})  =  nodes{e)  —  1 

where  <«ezp  is  the  subtree  relation  on  S-expressions,  cells{e)  is  the  number  of 
conses  used  in  the  construction  of  e  and  nodes  (c)  is  the  number  of  conses  plus  the 
number  of  leaves  in  c. 

We  can  also  derive  definitions  of  pfns  computing  properties  of  the  computation 
tree  for  Tprod 'e  as  a  function  of  e.  For  example,  MTprod  computes  the  number 
of  applications  of  *  in  the  computation  of  Tprod. 

>  MTprod(x)  <—  if(Atom(x),0, 1  +  MTprod(Car(x))  +  MTprod(Cdr(x))) 
and 


MTprod 'e*^  count  (Tprod '  e,  *) 


II.2.  Improvements  of  Tprod 

Using  properties  of  multiplication,  we  see  that  if  one  of  the  atoms  of  c  is  0 
then  7r(c)  =  0.  This  suggests  various  possible  modifications  for  improving  the 
computation  of  7r(e).  One  such  modification  is 

(t)  look  for  zeros  first  and  apply  Tprod  only  if  the  product  is  non-zero 


^  We  don’t  do  this  replacement  because  we  wish  the  completed  computation  tree  to  be 
a  complete  record  of  the  computation. 
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This  computation  is  easy  to  describe.  We  define  the  pfn  Inz  to  check  for  zeros  in 
a  number  tree.  Using  Inz  we  define  the  pfn  TprodO  to  describe  the  computation 
specified  by  (j). 

>  Inz(x)  if(Atom(x),Zerop(x),or(lnz(Car(x)),  lnz(Cdr(x)))) 

>  TprodO(x)  •«-  lf(lnz(x),0,Tprod(x)) 

The  form  or(lnz(Car(x)),  lnz(Cdr(x)))  computes  the  disjunction  of  the  two  subex¬ 
pressions.  lnz(Car(x))  is  computed  first.  If  the  result  is  true  (a  non-empty  se¬ 
quence)  then  true  is  returned  without  further  computation.  Otherwise  the  value 
of  the  disjunction  is  the  value  of  lnz(Cdr(x)).  From  these  definitions  it  is  easy  to 
see  that 

TprodO 'c  ^  7r(c) 

7r(c)  =  0  -+  count(TprodO'c,*)  =  0 


This  modification  is  an  improvement  if  multiplication  is  expensive  and  traversing 
the  tree  is  cheap.  If  no  zero  is  found,  the  number  tree  must  be  processed  again. 
So,  if  the  cost  of  traversing  the  tree  is  comparable  to  the  cost  of  multiplication 
(for  example  the  tree  could  be  stored  on  disk,  making  execution  of  Car  and  Cdr 
expensive)  then  alternative  improvements  should  be  considered.  For  example 

. .  X  traverse  the  number  tree,  accumulating  the  product  for  completed  sub- 
trees,  but  terminate  traversal  and  return  zero  if  a  zero  is  encountered. 

To  make  the  requirement  (|)  precise  we  define  pfns  Upto  and  Before.  Upto(e)  is 
the  number  of  nodes  visited  before  a  zero  is  encountered  in  a  left-first  traversal  of 
e.  Before  (e)  is  the  number  of  non-atomic  subtrees  cq  of  c  such  that  cq  to  the  left 
of  the  left-most  zero  in  e. 


>  Upto(x)  *—  if(Atom(x), 

1. 

if(lnz(Car(x)), 

1  -h  Upto(Car(x)), 

1  +  Upto(Car(x))  +  Upto(Cdr(x)))) 

>  Before  (x)  *—  if(Atom(x), 

0, 

if(lnz(Car(x)), 

Before(Car(x)), 

Before(Car(x))  -f  Before(Cdr(x))  -f  if(In2(Cdr(x)),0, 1))) 
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For  example  Upto(((2  ♦  3)  ♦  0)  •  4)  =  6  and  Before(((2  ♦  3)  •  0)  •  4)  =  1. 

A  pfn  p  satisfying  (t)  should  only  visit  nodes  until  a  zero  is  encountered  and 
it  should  only  do  multiplications  at  nodes  whose  subtrees  have  been  completely 
processed.  In  particular  p  should  satisfy 

(t-*)  p'c^7r(e) 

(t.tt)  coun<(p*c,  {Car,  Cdr})  =  Upto{e)  —  1 
(t.m)  count  [p'  e,*)  =  Before(c) 

We  will  give  two  solutions  to  this  problem.  For  both  solutions  we  define  an  auxil¬ 
iary  pfn  p.aux  which  has  an  additional  parameter  used  to  store  information  about 
the  state  of  the  computation.  The  idea  is  to  insure  that  as  each  node  of  the  num¬ 
ber  tree  is  visited  both  the  initial  calling  context  and  the  context  built  up  so  far  in 
traversing  the  number  tree  are  available.  Thus  computation  can  continue  normally 
or  return  zero  immediately  to  the  calling  context.  A  pfn  p  computing  tt  is  defined 
by  calling  p.aux  with  a  suitable  initial  value  for  the  additional  parameter. 

n.2.1.  Tprodl  -  continuation-passing  style  computation 

The  first  solution  T prodl  is  based  on  continuation-passing  style  computation. 
The  auxiliary  for  Tprodl  is  Tprodc  which  hais  a  continuation  pfn  as  the  additional 
argument  and  pfn  formation  is  used  to  represent  the  computation  context  built  up 
during  traversal  of  a  number  tree.  To  continue  the  computation,  the  continuation 
pfn  is  applied  to  the  value  of  the  current  subcomputation.  The  external  context 
is  always  the  calling  context,  thus  a  value  is  returned  to  the  calling  context  by 
simply  returning  it.  Tprodl  computes  tt  by  calling  Tprodc  with  the  identity  pfn 
A(z)z  as  the  initial  continuation  pfn. 

>  Tprodl (x)  •«-  Tprodc(x,  A{z)2) 

>  Tprodc(x,c)  lf(atom(x), 

if(zerop(x),0,c(x)), 

Tprodc(Car(x),  A(y)(Tprodc(Cdr(x),  A(z)c(y  *  z))))) 

So  far  we  have  only  discussed  recursive  definition  as  a  means  of  generating  pfns. 
The  basic  means  of  pfn  formation  is  evaluation  of  a  lambda-expression  in  an  envi¬ 
ronment.  For  example  the  value  of  A(z)c(y  *  z)  is  a  pfn  with  argument  symbol  z, 
pfn  body  c(y  *  z)  and  pfn  environment  the  evaluation  environment.  The  applica¬ 
tion  of  a  pfn  to  an  argument  is  the  closure  of  the  pfn  body  in  the  pfn  environment 
extended  by  binding  the  argument  to  the  argument  symbol. 
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One  way  to  understand  Tprodc  is  to  note  that  it  computes  the  same  par- 
r-?!  junction  as  A(x,c)if(Inz(x),0,c(Tprod{x))).  We  claim  that  the  computation 
described  by  Tprodc'(e,t?)  returns  zero  immediately  if  a  zero  is  encountered  in 
the  traversal  of  e  and  otherwise  reduces  to  computation  of  t?'7r{c).  Thus  Tprodl 
satisfies 

II.2.1.1.  Analysis  of  the  computation  of  Tprodc. 

To  verify  the  claim,  we  look  in  more  detail  at  the  computation  described  by 
Tprodc'(c,t?).  If  c  =  0  then  0  is  returned  as  the  value.  If  e  is  an  atom  and  not 
zero,  then  computation  reduces  to  application  of  d  to  c  -  Tprodc^(e,^)  d'c. 
Otherwise  computation  reduces  to  application  of  Tprodc  to  Car{e)  with  continua¬ 
tion  pfn  given  by  A(y){Tprodc(Cdr(x),  A(z)c(y  *  z))))  in  an  environment  binding  t? 
to  c  and  c  to  x.  In  symbols 

Tprodc'(e,t?)  »-  Tprodc'(Car{e),da(c,t?)) 

wiiGrc 

t?a  =  A(x,c)A(y)(Tprodc(Cdr(x),  A(z)c{y  *  z))) 

If  there  are  no  zeros  in  Car{c),  computation  will  eventually  reduce  to  application 
of  to  7r(Car(e)),  which  further  reduces  to  application  of  Tprodc  to  Cdr(e) 

with  continuation  pfa  given  by  A(z)c(y  *  z)  in  an  environment  binding  d  to  c  and 
7r(Car(e))  to  y. 

Tprodc'(Car(c),t?a(c,t?))  i?a(e,t?) '7r(Car(c))  Tprodc'(Cdr(c),t?d(7r(Car(e)),t?)) 
where 

i?d  =  A(y,c)A(z)c{y  *z) 

If  there  are  no  zeros  in  Cdr(e),  computation  will  eventually  reduce  to  the  appli¬ 
cation  of  t?d{’r(Car(c)),  t?)  to  7r(Cdr(e))  which  then  reduces  to  application  of  t?  to 
;r(e)  =  7r(Car(e))  *  7r(Cdr(c)). 

Tprodc'(Cdr(c),t?d(^(Car(e)),t?))  t?d(7r(Car(e)),t?)'7r(Cdr(c))  t?'7r(e) 

Thus  we  see  that  if  there  is  a  zero  in  c  then  the  reduction  sequence  terminates 
when  the  first  one  is  encountered  and  zero  is  returned  as  the  value,  and  otherwise 
Tprodc'(e,T?)  t?'x-(e).  Hence  Tprodl'e  ^  7r(e).  (Note  that  we  have  implicitly 
used  induction  on  number  trees  in  the  above  argument.) 
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11.2.1.2.  Structure  of  computations  in  continuation-passing  style. 

The  computation  of  Tprodc^(c,t?)  is  a  sequence  of  “reductions  to”  subcompu¬ 
tations  determined  by  simple  side  computations.  The  result  of  the  entire  computa¬ 
tion  is  the  result  of  the  final  subcomputation.  Thus  the  computation  tree  described 
by  T prodl  ^  e  is  a  sequential  tree  -  a  tree  with  a  main  (rightmost)  branch  where 
each  subtree  is  connected  by  a  “reduces-to”  arc.  For  example  the  computation 
tree  for  T prodl  '{2  •  0)  has  the  shape  (omitting  side  computations) 

•Tprodl'(2  •  0) 

•Tprodc'(2  •  0,  A(z)2) 

•Tprodc'(2,i?a(2  •  0,A(z)z)) 

•{t?a(2  •  0,A(z)z))}'2 

•Tprodc'(0,t?d(2,  A(z)z)) 

•0 

^0 

From  the  computation  tree  we  see  that 

count(Tprodl'2  •  0,  *)  =  0  and  count(Tprodl'2  •  0, {Car,  Cdr})  =  2 
More  generally  by  the  analysis  of  T prodc  given  above,  we  can  show  that 
count(Tprodl^c,  *)  =  Before(e)  and  count(Tprodl'c,  {Car,  Cdr})  =  Upto(e)  —  1 
Thus  we  have  established  that  the  pfn  Tprodl  satisfies  J. 

11. 2. 2.  Tprod2  —  noting  the  calling  context 

The  second  solution  Tprod2  uses  continuation  noting  and  resumption.  The 
auxiliary  pfn  T prodg  has  as  additional  argument  a  continuation  representing  the 
calling  context.  A  value  is  returned  to  the  calling  context  by  applying  the  continu¬ 
ation  parameter  to  that  value.  Otherwise  the  computation  proceeds  in  the  manner 
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described  by  Tprod.  Tprod2  notes  its  calling  context  and  calls  Tprodg  with  that 
continuation  as  the  auxiliary  parameter.^ 

>  Tprod2(x)  note(g)Tprodg(x,g) 

>  Tprodg(x,g)  •«—  if(Atom(x), 

if(Zerop(x),g(0),x), 

Tprodg(Car(x),g)  *  Tprodg(Cdr(x),g)) 

In  order  to  make  sense  of  notions  such  as  noting  the  current  context  and  resuming  a 
computation,  we  fix  a  definite  order  of  evaluating  subexpressions,  namely  left-most 
first.  Thus  a  computation  tree  is  generated  by  a  uniquely  determined  sequence  of 
stages.  At  each  stage  there  is  a  current  node  and  the  context  is  the  surrounding 
partial  computation  tree.  The  rules  for  noting  zmd  resumption  are 

(Note)  To  compute  note(g)f  with  continuation  7,  compute  f  with  7  bound  to  g. 

(Resume)  If,  in  the  process  of  carrying  out  a  computation,  a  continuation  7  is 
applied  to  a  value  u,  the  computation  described  by  7  is  resumed  with  t;  as 
the  value  returned  by  the  subcomputation. 

We  say  that  a  description  returns  a  value  normally  if  in  any  context  the  com¬ 
putation  described  returns  a  value  to  that  context.  Computations  described  by 
note-forms  such  as  note(g)f  and  by  continuation  application  forms  such  as  g(fo) 
when  a  continuation  bound  to  g  have  the  following  properties. 

(i)  If  f  returns  a  value  normally  then  note(g)f  returns  a  value  normally  and  the 
value  returned  by  note(g)f  is  the  value  of  f. 

(ii)  If,  in  the  process  of  evaluating  f,  a  sub-expression  g(fo)  is  evaluated  and  fo 
returns  a  value  normally,  then  note(g)f  returns  a  value  normally  and  the  value 
of  fo  is  the  value  of  note(g)f. 

(iii)  More  generally,  if  note(g)f  is  evaluated  with  continuation  7,  and  either  f  re¬ 
turns  the  value  t;  normally  or,  during  the  computation  of  f,  7  is  applied  to  v 
then  note(g)f  returns  a  value  normally  and  v  is  the  value  returned  by  note(g)f. 

(iv)  If  the  value  of  g  is  a  continuation  and  fo,  fi  return  values  normally  then  the 
result  of  computing  fi(g(fo))  is  the  same  as  the  result  of  computing  g(fo)- 

In  the  computation  described  by  Tprodg '(e,  7),  the  continuation  7  is  carried  eis  a 
parameter.  If  no  zeros  are  encountered,  the  computation  described  by  T prodg  '(e,  7) 
is  essentially  that  described  by  Tprod '(e)  and  7r(e)  is  returned  as  a  value.  If  a  zero 
is  encountered,  zero  is  returned  to  7,  i.e.  7  is  applied  to  zero,  which  causes  the 


^  note  is  similar  to  Reynold’s  escape  construct  and  the  Scheme  catch  construct. 
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computation  to  resume  in  the  context  represented  by  7.  Thus  we  see  that  T prod2 '  e 
in  any  context  returns  value  7r{e).  This  argument  will  be  made  more  precise  below 
as  we  explain  the  structure  of  computations  such  as  those  described  by  T prodg. 

II. 2. 2.1.  Structure  for  computations  noting  continuations 

Having  fixed  an  order  for  evaluating  subexpressions  means  that  computation 
is  a  process  of  generating  a  sequence  of  computation  stages.  For  sequential  compu¬ 
tation,  we  represent  these  stages  by  states  which  contain  only  the  information  from 
the  corresponding  stage  needed  to  carry  out  the  remainder  of  the  computation.  A 
state  is  a  continuation  7,  representing  the  computation  context,  together  with  a 
current  subtask  which  is  either  to  begin  a  subcomputation  ()  or  to  return  a  value 
V.  In  symbols  a  state  has  one  of  the  forms  7  v  t)  (begin  computation  of  H  with 
continuation  7)  or  7  ^  u  (return  v  to  7) .  The  empty  context  is  represented  by  the 
identity  continuation  Id.  We  say  a  computation  sequence  returns  a  value  t;  if  the 
last  state  in  the  sequence  is  Id  a  v.  Continuations  are  built  up  from  the  identity 
continuation  by  composition  of  segments  associated  with  nodes  of  the  computa¬ 
tion  context  along  the  path  to  the  current  node.  In  this  sense  continuations  are 
similar  to  stack  frzimes.  Each  segment  describes  the  remainder  of  the  computation 
at  its  aissociated  node  as  a  function  of  the  value  returned  by  the  subcomputation 
in  progress.  For  example  Appc(t?)  is  the  continuation  segment  for  an  application 
node  where  the  argument  sequence  is  being  computed.  We  write  7  o  Appc(t?)  for 
the  composition  of  7  with  Appc(t?).  If  is  returned  to  7oAppc(t?),  t?  is  applied  to  v 
with  continuation  7.  ([fojfi]  I  0  describes  an  argument  sequence.  (Carti(fi)  I  0  is 
the  continuation  segment  for  an  argument  sequence  node  where  the  first  argument 
(fo  I  is  being  computed.  Cartc(vo)  is  the  continuation  segment  for  an  argument 
sequence  node  where  the  value  of  first  argument  is  Vq  and  the  second  argument  is 
being  computed.  If  vq  is  returned  to  70  (Carti(fi)  I  then  computation  of  (fi  | 
is  begun  with  continuation  7  o  Cartc(t;o).  If  vi  is  returned  to  7  o  Cartc(t;o)  then 
the  sequence  [wq,  ui]  is  returned  to  7. 

The  computation  described  by  Tprod2^e  with  continuation  7  is  a  sequence 
of  states  beginning  with  7  v  Tprod2'e.  Tprod2'e  is  note(g)Tprodg(g,x)  in  an 
environment  binding  c  to  x.  According  to  the  rule  for  note,  the  next  step  is  to 
begin  the  computation  described  by  Tprodg'(c,7)  with  continuation  7.  In  symbols 

7  V  Tprod'e  =  7  V  (note(g)Tprodg(g,x)  |x-<-c)  7  v  Tprodg'(c,7) 

where  > — *■  is  the  step  relation  on  states.  To  compute  Tprodg^(e,7)  with  current 
continuation  7cur  there  are  three  cases.  If  e  is  zero  then  Atom(e)  and  Zerop(e) 
are  true  and  the  conditional  branch  selected  is  g(0).  Thus  7  is  applied  to  zero 
and  computation  resumes  at  the  point  represented  by  7  with  zero  as  the  value 
returned. 


Ifcur  Tprodg'(0,7)  X- ►  7cur  (g(0)  I  g-^7)  Icnr  '=’  7^0  7  A  0 
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If  e  is  atomic  and  non-zero  the  brsinch  selected  is  x  and  t  is  returned  to  the  current 
context. 

7cur  ^  Tprodg'(c,7)  7cur  V  (x  I  X  -^e)  Tfcur  e 

If  c  is  non-atomic  the  branch  selected  b  *(Tprodg(Car(x),g),Tprodg(Cdr(x),g)). 
Thus  computation  of  the  argument  sequence 

[T  prodg(Car(x) ,  g),  T  prodg(Cdr(x),  g)] 

is  begun  with  the  continuation  extended  by  composition  with  Appc(*).  In  symbols, 
computation  proceeds  to  the  state 

7curoAppc(*)  V  ([Tprodg(Car(x),g),Tprodg(Cdr(x),g)]  I  x-<-c,g-^7) 

The  next  state  begins  computation  of  the  first  argument  Tprodg(Car(x),g)  with  the 
continuation  extended  by  composition  (Carti{Tprodg(Cdr(x),g))  1  £).  In  symbols 

'ycuroAppc(*)  o  (Carti(Tprodg(Cdr{x),g))  I  i)  v  (Tprodg(Car(x),g)  1  0) 

If  there  are  no  zeros  in  Car(e),  then  eventually  7r(Car(c))  will  be  returned  and 
computation  of  Tprodg(Cdr(x),g)  will  be  begun.  The  continuation  at  this  point  is 
■7cur  o  Appc(*)  composed  with  Cartc(7r(Car(e))) 


7cur  o  Appc(*)  o  (Carti(Tprodg(Cdr(x),g))  I  i)  a  ?r{Car(e)) 

'Ycur  o  Appc(*)  o  Cartc(7r(Car(e)))  v  (Tprodg(Cdr(x),g)  I  ^)) 

If  there  are  no  zeros  in  Cdr(e),  then  eventually  7r(Cdr(e))  will  be  returned,  *  will 
be  applied  to  the  pair  of  results,  and  7r(c)  will  be  returned  to  7cur* 


7cur  o  Appc(*)  o  Cartc(7r(Car(e)))  a  7r(Cdr(e)) 
7cur  ^  *'[7r(Car(e)),7r(Cdr(e))] 

'7cur  ?r(e) 
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As  an  example,  the  sequence  of  states  for  the  computation  of  Tprod2'(2  •  0)  with 
continuation  7  is  (omitting  some  details) 

7  V  T prod2  '{2  •  0) 

7  V  Tprodg'(2  •  0,7) 

71  V  Tprodg'(2,7) 

>— +  7i  A  2 

72  V  Tprodg'(0,7) 

72  V  7'0 

>— f  7  A  0 


where 

71  =  7oAppc(*)  o  (Carti(Tprodg(Cdr{x),g))  I  g-<-7,x-<-2  •  0) 

72  =  7  o  Appc(*)  o  Cartc(2) 

We  read  from  the  sequence  of  states 

count(Tprod2^2  •  0,  *)  =  0  and  count{Tpro62*2  •  0,{Car,Cdr})  =  2 

Here  count  (Tprod2^  c,  O)  is  the  number  of  states  of  the  form  ^  o*  d  for  some  o  in 
O  and  some  data  sequence  d  occurring  in  the  computation  sequence  for  Tprod2'c. 

The  analysis  above  verifies  our  claim  that  Tprod2  computes  the  tree  product 
function.  Also  we  can  show 

coun<(Tprod2^c,  *)  =  Before(e)  and  count(Tprod2^e,  {Car,  Cdr})  =  Upto(e)  —  1 

Thus  we  have  shown  that  T prod2  satisfies 
Remarks 

•  Both  tree-structured  computation  and  sequential  computation  are  carried  out 
as  stepwise  processes.  The  difference  is  that  at  each  stage  in  the  generation  of  a 
computation  tree  there  is  in  general  a  frontier  of  active  nodes  where  extensions 
can  be  made,  while  in  the  generation  of  a  computation  sequence  there  is  a  unique 
active  node.  A  computation  state  can  be  thought  of  as  the  corresponding  partial 
computation  tree  pruned  and  flattened  in  such  a  way  that  the  active  node  is 
exposed. 

•  Tree-structured  computations  such  as  those  described  by  Tprod,  Inz,  and 
Tprodl  can  be  carried  out  as  sequential  computations.  The  computation  tree 
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can  be  constructed  from  the  completed  computation  sequence  as  continuations 
essentially  paths  in  the  computation  tree. 

•  In  computations  involving  context  switching,  i.e.  continuation  application, 
the  relations  are  not  in  general  meaningful.  For  pfns  such  as  Tprod2  that 

return  a  value  normally,  even  though  context  switching  may  occur  in  the  process 
of  computation,  the  expressions  Tprod2'c  ;r(e)  does  make  sense.  Namely,  it 
asserts  that  Tprod2'e  returns  w{e)  in  any  context. 

II. 2. 3.  Continuation-passing  vs  continuation-noting 

By  using  continuation  pfns,  as  in  the  Tprodl  example,  we  can  remain  within 
the  world  of  tree-structured  computations  where  pfns  compute  functions  in  the 
ordinary  sense.  On  the  other  hand,  using  note,  as  in  the  Tprod2  example,  the 
programs  describing  corresponding  computations  are  much  simpler,  easier  to  un¬ 
derstand  (given  a  little  practice)  and  easier  to  write.  They  are  also  more  reliable, 
since  the  machine  carrying  out  the  computation  constructs  the  continuation  me¬ 
chanically  instead  of  the  programmer  constructing  it  by  hand. 

The  analysis  of  the  computations  described  by  Tprodc  and  Tprodg  involved 
essentially  the  same  arguments  applied  to  different  representations  of  computation 
stages.  In  terms  of  abstract  machines,  Tprodl  and  Tprod2  describe  isomorphic 
computations,  i.e.  there  is  a  correspondence  between  the  computation  steps.  For 
example,  the  steps  of  Tprodg '2  •  0  correspond  to  those  of  Tprodc '2  •  0  as  follows. 

7  V  T prod2'(2  •  0) 

7  V  T prodg  *(2  •  0, 7) 

71  V  Tprodg '(2,7) 

>-* 

72  V  Tprodg  ^(0,7) 


Tprodl  "(2  •  0) 

Tprodc'(2  •  0,A(z)z) 

»- 

T prodc  '(2,  t?a(2  •  0,  A(z)z)) 
»- 

t?a(2‘0,A(z)z)"2 

>->- 

T  prodc  '(0,  t?d(2,  A(z)z)) 


7^0 


0 
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II. 3.  Equations  and  transformations 

In  this  section  we  give  some  examples  of  equations  and  transformations.  We 
first  consider  the  case  of  tree-structured  computation  and  begin  with  equations 
based  on  the  value  returned  by  a  computation.  We  then  look  at  some  standard 
transformations  on  forms  and  at  the  corresponding  transformations  induced  on  the 
computations  described.  These  tools  are  combined  with  program  transformation 
methods  to  derive  the  recursion  equation  for  Tprodc  from  an  explicit  definition 
given  in  terms  of  Tprod  and  Inz.  Finally  we  show  how  many  of  the  ideas  for 
tree-structured  computation  can  be  extended  to  sequential  computation.  As  an 
example  of  using  program  transformations  involving  continuations  we  also  derive 
the  recursion  equation  for  Tprodg  from  an  explicit  definition  given  in  terms  of 
Tprod  and  Inz. 

n.3.1.  Equations  for  tree-structured  computation 

A  simple  characterization  of  the  function  computed  by  T prodc  is  given  by  the 
equation 

(Tprodc^)  Tprodc(x,c)  ^  if(lnz(x),0,c(Tprod(x))) 

where  x  ranges  over  number  trees  and  c  ranges  over  pfns.  The  meaning  of  this 
equation  is  that  in  any  environment  binding  a  number  tree  to  x  and  a  pfn  to  c, 
if  the  computation  described  by  the  form  on  either  side  of  the  sign  returns 
a  value,  then  both  computations  return  the  same  value.  This  is  another  way  of 
saying  that  Tprodc  and  A(x,c)if(lnz(x),0,c(Tprod(x)))  compute  the  same  (partial) 
function  on  number  trees  and  pfns.  (Tprodc?=^)  follows  easily  from  the  analysis  of 
Tprodc  given  above. 

One  source  of  equations  is  recursive  definition.  For  each  recursive  definition 
the  equation  obtained  by  replacing  •*—  by  ;=^  holds  for  all  interpretations  of  the 
free  symbols.  For  example 

(Tprod>)  Tprod(x)  ^  if(Atom(x),x,  Tprod(Car(x))  *  Tprod(Cdr(x))) 

(lnz>)  Inz(x)  ^  lf(Atom(x),Zerop(x),or(lnz(Car(x)),  Inz(Cdr(x)))) 

(Tprodo)  Tprodc{x,c)  ^  if  (atom  (x), 

if(zerop(x),0,c(x)), 

Tprodc(Car(x),  A(y)(Tprodc(Cdr(x),  A(z)c(y  *  z))))) 

^  is  an  equivalence  relation,  but  not  a  true  equality  relation.  Substitution  of  ^- 
equivalent  forms  at  a  position  in  a  given  form  yields  ^=i;-equivalent  forms  iff  that 
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position  is  evaluated  or  discarded  in  the  process  of  evaluating  the  entire  form.  We 
call  such  positions  ^^-substitutable  positions.  For  example  we  have 

(i)  Tprod(x)  ^  if(lnz(x),0,Tprod(x)) 

(ii)  Tprod(x)  *  y  ^  if(lnz(x),0,Tprod{x))  *  y 

(Hi)  -.(A(y)(Tprod(x)  *  y)  ^  A(y){if(lnz{x),0,Tprod(x))  *y)) 

(i)  is  just  the  assertion  that  TprodO  computes  the  same  function  as  Tprod.  (ii) 
follows  from  (i)  by  substitution.  The  inequivalence  (Hi)  is  because  the  two  form 
denote  pfns  which  are  the  same  as  functions,  but  describe  different  computations 
and  thus  are  different  pfns. 

II.3.2.  Transformations  for  tree-structured  computation 

Now  we  look  at  some  standard  transformations  on  forms  and  the  correspond¬ 
ing  transformations  induced  on  the  computation  trees  described,  f,  fo,  ...stand 
for  forms,  fo  fi  is  read  as  “fo  transforms  to  fi”. 

If  transformations 

Two  transformation  rules  for  if-forms  are  if-distribution  and  if-simplification 
(introduced  in  McCarthy  [1963b]).  If-distribution  has  the  form 

(if-if)  if(if(fo>fljf2)>f35f4)  if(fojif(fl.f35f4),if(f2>f3»f4)) 

for  distribution  of  if  over  if  and 

(if.ap)  f(if(fo,fi,f2))  •-+  if(fo,f(fi),f(f2)) 

for  distribution  of  application  over  if.  We  call  the  inverse  of  a  distribution  trans¬ 
formation  a  factoring.  If  fb  is  obtained  from  fa  by  application  of  if-distribution  and 
factoring  transformations  at  ^-substitutable  positions  then  fa  ^  fb-  The  com¬ 
putation  trees  described  by  fa  and  fb  are  the  same  except  for  rearrangement  of 
nodes  where  distribution  or  factoring  has  been  applied.  In  particular,  the  amount 
of  work  in  carrying  out  computations  described  by  related  forms  is  the  same.  For 
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•'fo 

•'fo 

•'fl 

•li  fs 

'•fs 

flh.=if(fo,lf(fl>f3,f4),lf(f2,fs,f4)) 

frh.=if(fo,if(fl,fs,fs),If(f2,f3,f6)) 

where  f4  =  if(fo,f6,f6) 

Figure  5.  The  effect  of  if-simplification  on  computation  structure. 

example,  if  fo  is  true  and  fi  is  false  the  computations  of  the  left  and  right  side  of 
(if.if)  have  the  shape  shown  in  Figure  4. 

A  typical  if-simplification  is  to  omit  redundant  computations  of  a  test.  For  example 
if  U  =  '^(fojfs.fe)  we  have  the  simplification 


(if.simp)  if(fo,if(fi,f3,f4),if{f2,f3,f4))  ^  if(fo,if(fi,f3,f5),if(f2,f3,f6)) 


If  fa  transforms  to  fb  by  applying  (if.simp)  at  ^-substitutable  positions  then  fa  ^ 
fb  and  the  computations  described  by  fb  are  related  to  those  described  by  fa 
by  pruning  redundant  subcomputations.  Thus  less  work  will  generally  be  done 
computing  fb.  For  example,  if  fo  is  true  and  fi  is  false  then  the  computations  of 
the  left  and  right  side  of  (if.simp)  have  the  shape  shown  in  Figures. 
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A  final  if-simplification  which  we  will  need  for  our  examples  is  (if.or)  which  elimi¬ 
nates  disjunction  in  the  test  position. 

(if.or)  if(or(fo,fi),f2,f3)  if(fo,f2, if(fi>f2,f3)) 

(if.or)  transformations  applied  at  ;=^-substitutable  positions  preserve  ^-equivalence. 
Let  conversions 

Application  expressions  such  as  {A(y)fi}(fo)  describe  a  special  kind  of  pfn 
application  which  serves  to  make  temporary  bindings,  i.e.  to  give  a  name  to  the 
value  of  an  expression  locally.  To  emph2isize  this  fact,  such  expressions  may  be 
written  let{y  fo}fi  and  read  “let  y  be  fo  in  fi”. 

We  call  the  substitution  of  fo  for  y  in  fi  (with  care  taken  not  to  trap  free 
variables  of  fo)  let-elimination. 

(let.elim)  let{y  fo}fi  •-»  fi  Ijj, 

Let-elimination  is  analogous  to  /3-reduction  but  must  be  restricted  depending  on 
the  kind  of  relation  we  wish  to  preserve.  For  example  to  preserve  definedness 
then  either  fo  must  be  defined,  or  some  occurrence  of  y  in  fi  must  be  evaluated  in 
the  computation  of  f i .  Otherwise  the  transformed  expression  will  be  defined  and 
the  original  will  be  undefined.  To  preserve  all  occurrences  of  y  in  fi  must  be 
evaluated  or  discarded  in  the  course  of  evaluating  fi,  i.e.  y  should  not  appear  in 
an  abstraction  that  is  returned  as  a  value  since  the  substitution  will  change  the 
value. 

Forms  related  by  let-eliminations  describe  computations  which  are  related  by 
replacing  one  evaluation  of  fo,  an  application  smd  some  references  to  the  symbol 
y  by  an  evaluation  of  fo  for  each  reference  to  the  symbol  y.  ff  there  is  only  one 
reference  to  y  this  reduces  the  work  by  eliminating  the  binding.  If  there  are 
several  references  to  y,  and  fo  is  a  non-trivial  expression,  then  the  amount  of  work 
is  increased  by  let-elimination.  The  inverse  of  let-elimination,  let-introduction,  is 
sometimes  called  common  sub-expression  elimination.  We  use  let-conversion  to 
refer  to  let-elimination  and  its  inverse. 

II.3.3.  Derivation  of  the  recursion  equation  for  Tprodc 

To  illustrate  the  use  of  program  transformations  in  Rum  we  outline  the  deriva¬ 
tion  of  the  recursion  equation  (Tprodo)  for  Tprodc  from  the  equation  (Tprodc^=^) 
defining  the  function  computed  by  Tprodc.  Such  derivations  can  be  used  in  two 
ways.  If  we  assume  Tprodc  is  defined  by  the  (Tprodo)  (i.e.  by  the  correspond¬ 
ing  recursive  definition)  the  derivation  of  (Tprodo)  from  (Tprodc^)  is  a  proof 
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that  Tprodc  computes  the  function  defined  by  (Tprodc?=^).  Alternatively,  if  we  as¬ 
sume  that  Tprodc  is  specified  by  (Tprodc^)  then  the  derivation  is  an  optimizing 
transformation  by  which  the  definition  (T prodo)  is  obtained.  Recall  (§1.3)  that 
unfolding  means  replacing  an  instance  of  lefthand  side  of  an  equation  by  the  corre¬ 
sponding  instance  of  the  righthand  side  and  folding  means  replacing  an  instance  of 
righthand  side  of  an  equation  by  the  corresponding  instance  of  the  lefthand  side. 

The  main  steps  of  the  derivation  follow.  (T prodc.a)  is  obtained  from  (T prodc;=^) 
by  unfolding  using  equations  (lnz>)  and  (Tprod>)  and  then  applying  if-  and  or- 
simplifications. 

(Tprodc.a)  Tprodc(c,x)  if(Atom(x), 

if(Zerop(x),0,c(x)), 

if(lnz(Car(x)), 

0, 

if{lnz(Cdr(x)), 

0, 

c(Tprod(Car(x))  *  Tprod(Cdr(x))))) 

Using  let-conversion  the  final  clause  of  (T prodc.a)  is  expressed  as  the  application 
of  a  pfn  to  Tprod(Cdr(x)). 

(Tprodc.b)  c(Tprod(Car{x))  *  Tprod(Cdr(x)))  ^ 

{A(z)c(Tprod(Car(x))  *  z)}(Tprod(Cdr(x))) 

Thus  the  final  if-clause  of  (T prodc.a)  has  the  form  of  an  instance  of  the  right  hand 
side  of  (Tprodc^)  and  by  folding  (Tprodc.c)  is  obtained. 

(Tprodc.c)  Tprodc(c,x)  ^  if  (Atom  (x), 

if(Zerop(x),0,c(x)), 

lf(lnz{Car(x)), 

0, 

Tprodc(Cdr(x),  A(z)c(Tprod(Car(x))  *  z)) 

Again  using  let-conversion  the  final  clause  of  (T prodc.c)  is  expressed  as  an  instance 
of  (Tprodc^) 

(Tprodc. d)  Tprodc(Cdr(x),  A(z)c(Tprod(Car(x))  *  z)) 

{■^(y)Tprodc(Cdr(x),  A(z)c(y  *  z))}(Tprod(Car(x))) 

and  (Tprodo)  is  obtained  from  (Tprodc.d)  by  folding. 
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Tl.3.4.  Equations  and  transformations  for  sequential  computation 

Since  ^  is  not  generally  meaningful  for  sequential  computation,  neither  is  the 
equivalence  ^  as  defined.  However,  there  is  a  useful  notion  of  equivalence  obtained 
by  replacing  evaluation  by  “returns  the  same  value  in  all  contexts” .  This  equiv¬ 
alence  is  denoted  by  «.  The  computation  described  by  Tprodg  is  characterized 
explicitly  in  terms  of  Inz  and  T prod  by 

(Tprodgw)  Tprodg(x,g)  « if(Inz(x),g(0),Tprod(x)) 

where  x  ranges  over  number  trees  and  g  ranges  over  continuations.  The  meaning  of 
the  equation  (Tprodg«)  is  that  for  any  environment  ^  binding  a  number  tree  to  x 
and  a  continuation  to  g,  and  for  any  continuation  qf,  if  the  computation  sequence 
from  the  state  beginning  the  computation  described  by  the  form  on  either  side 
of  the  «  sign  with  continuation  7  terminates  with  a  value  then  both  sequences 
terminate  with  the  same  value.  In  symbols 

7  V  (Tprodg(x,g)  I  Id  ^  V  7  v  (if(lnz(x),g(0),  Tprod(x))  I  i)  >— ^  Id  a  « 

(Tprodg«)  follows  easily  from  the  analysis  of  the  computation  described  by  Tprodg 
given  above.  Furthermore,  using  the  properties  of  note  we  have 

Tprod(x)  «  note(g)if(lnz(x),g(0),Tprod(x)) 


Two  expressions  that  are  ^-equivalent  as  descriptions  of  computation  trees 
are  ss-equivalent  as  descriptions  of  computation  sequences.  In  particular,  the 
equations  for  ^  given  above  hold  with  ^  replaced  by  «.  Recursive  definitions 
are  also  a  source  of  «-equivalences.  The  equation  obtained  by  replacing  ♦-  in  a 
recursive  definition  by  «  holds  for  all  interpretations  of  the  free  symbols.  Thus 

(Tprodg>)  Tprodg  (x,g)  «  if  (atom  (x), 

if(zerop(x),g(0),x), 

Tprodg(Car(x),g)  *  Tprodg{Cdr(x),g) 

Substitution  of  ^-equivalent  expressions  is  limited  to  positions  that  are  evaluated 
or  discarded  as  for 

Suitably  restricted,  the  ^-preserving  transformations  on  forms  such  as  if- 
distribution,  if-simplification  and  let-elimination  are  also  «  preserving.  The  re¬ 
strictions  are  basically  that  subexpressions  involved  in  a  change  in  order  of  evalu¬ 
ation  must  return  values  normally.  For  (if. if)  the  expressions  fo,fi,f2  must  return 
values  normally;  for  (if.ap),  the  function  expression  f  and  the  test  expression  fo 
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must  return  values  normally;  and  for  let-elimination  (let.elim)  the  argument  ex¬ 
pression  fo  must  return  a  value  normally. 

In  addition  there  are  transformations  involving  continuation  application  that 
preserve  «.  If  g  ranges  over  continuations  and  f,fi  return  values  normally  then 
the  context  elimination  transformation 

(ctxt.elim)  f(g{fi))  ^  g{fi) 

is  an  equivalence  preserving  transformation.  It  also  eliminates  the  work  of  com¬ 
puting  the  value  of  f.  Combining  context  introduction  with  if-factoring  we  have 

•f(f0,g(f.),f(f2))  if(fo.f(g(fl)).f(t2))  --  f(if(f0.g(tl),f2)) 

is  a  «  preserving  transformation  when  f,  fo,  and  fi  return  values  normally. 

II.3.5.  Derivation  of  the  recursion  equation  for  Tprodg 

Now  we  outline  a  derivation  of  the  recursion  equation  (Tprodg>)  from  the 
explicit  definition  (Tprodgss).  Since  Inz  and  Tprod  return  values  normally,  the 
equations  (lnz>)  and  (Tprod>)  can  be  used  for  substitution  and  if-  and  let-  trans¬ 
formations  involving  these  pfns  as  tests  and  arguments  are  valid.  Thus  the  basic 
ideas  used  in  the  derivation  of  the  recursion  equation  for  Tprodc  apply  to  equa¬ 
tions  involving  Tprodg.  (Tprodg.a)  is  obtained  from  (Tprodgw)  by  unfolding  using 
(lnz>)  and  (Tprod>)  and  then  applying  if-transformations. 

(Tprodg.a)  Tprodg(x,g)  w  if{Atom(x), 

if(Zerop{x),g(0),x), 

if{lnz{Car(x)), 

g(0), 

if(lnz(Cdr{x)), 

g(0). 

Tprod(Car(x))  *  Tprod{Cdr(x))))) 

Using  the  fact  that  {A(z)f}g(0)  «  g(0)  for  any  expression  f  (context  elimination) 
the  context  of  Tprod(Cdr(x))  in  the  final  if-clause  of  (Tprodg.a)  can  be  factored 
out. 

(Tprodg.b)  if(lnz(Cdr(x)),g(0),Tprod(Car(x))  *  Tprod(Cdr(x))) 

«  {A(z)(Tprod(Car(x))  *  z)}if(Inz(Cdr(x)),g(0),Tprod(Cdr(x))) 
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Matching  the  if-form  on  the  righthand  side  to  (Tprodg«)  and  folding  (Tprodg.c) 
is  obtained. 

(Tprodg.c)  Tprodg(x,g)  «  if  (Atom  (x), 

lf(Zerop(x),g(0),x), 

if(lnz(Car(x)), 

g(0), 

{A(z)Tprod(Car(x))  *  z}Tprodg(Cdr(x),g))) 

Repeating  these  steps  the  context  of  T prod(Car(x))  in  the  final  if-clause  of  (T prodg.c) 
is  factored  out  and  (Tprodg.d)  is  obtained  by  folding  again  with  (Tprodg«). 

(Tprodg.d)  Tprodg(x,g)  « if(Atom(x), 

if(Zerop(x),g(0),x), 

{A(y){A(z)y  *  z}Tprodg(Cdr(x),g))} 
Tprodg(Car(x)),g)) 

Applying  let-conversions  we  obtain  (Tprodg>)  as  desired. 
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Chapter  III.  The  meta-world 


In  this  chapter  we  review  the  basic  mathematical  tools  and  structures  used 
in  constructing  the  Zum  world  and  developing  its  theory.  The  main  tools  are 
constructions  of  sequences  and  finite  maps,  and  inductive  generation  of  domains, 
operations,  and  relations.  Three  kinds  of  structures  play  zm  important  role  in  our 
work:  Zum  data  structures,  tree  structures  and  binary  relations  over  a  given  do¬ 
main.  We  assume  that  the  basic  ideas  are  familiar  ones.  The  following  discussion  is 
mainly  to  introduce  our  notation  and  conventions,  and  to  point  out  the  basic  facts 
that  we  will  use,  generally  implicitly.  We  have  collected  all  the  metamathematics 
into  one  chapter  for  convenience.  It  should  be  treated  as  reference  material  and 
need  not  be  read  in  full  before  proceeding.  In  §1  the  notion  of  function  is  discussed 
in  order  to  clarify  terminology.  The  material  on  finite  sequences  (§2),  finite  maps 
(§3),  and  finite  forms  of  inductive  generation  (§4)  is  used  from  the  beginning  and 
the  reader  should  be  familiar  with  the  notions  presented  in  these  sections.  The 
class  of  Rum  data  structures  is  described  in  §5  and  two  examples  are  given:  the 
trivial  structure  and  the  S-expression  structure.  Only  the  basic  features  of  Rum 
data  structures  are  used  for  most  of  the  work  in  Rum.  The  S-expression  structure 
serves  as  a  concrete  and  typical  example.  It  is  the  structure  used  informally  in 
Chapter  II  and  will  be  used  in  examples  given  in  Chapter  IV  and  Appendix  B.  Tree 
structures  occur  throughout  the  work  in  Rum.  For  the  most  part  we  think  of  tree 
structures  pictorially  as  tree-shaped  graphs  with  additional  labeling  information 
associated  with  some  nodes.  The  point  is  to  provide  geometric  intuitions  about 
these  objects  and  certain  kinds  of  operations  on  them.  The  material  presented 
in  the  section  on  tree  structures  as  mathematical  structures  (§6)  is  used  only  in 
Appendix  A  and  Appendix  B.  The  material  presented  in  the  section  on  binary 
relations  (§7)  is  used  mainly  in  Chapter  VI. 

As  to  general  format,  references  to  chapter  will  be  by  number  (upper  case 
roman  numerals).  References  to  sections  within  the  same  chapter  are  by  section 
number  while  references  to  sections  in  other  chapters  contain  the  chapter  number 
and  the  section  number.  Thus  §3  refers  to  section  3  of  the  current  chapter  and 
§IV.2  refers  to  section  2  of  chapter  IV.  Definitions  of  constants,  functions,  relations, 
etc.  are  marked  by  the  sign  >.  For  example  this  is  the  format  of  the  pfn  definitions 
given  in  Chapter  II.  Facts,  lemmas,  theorems,  etc.  are  marked  by  the  sign  ■. 
Equations,  theorems,  and  other  such  items  to  which  we  may  wish  to  refer  are 
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given  names.  For  displayed  items,  the  name  appears  at  the  side  of  the  item.  This 
is  the  format  used  for  naming  transformations  in  §11.3. 

■  A  fact  . . . 

Gives  the  name  “a  fact”  to  the  fact  described  by  .... 

We  will  mostly  work  within  an  informal  set-theoretic  framework.  N  denotes 
the  natural  numbers  and  we  will  use  to  range  over  natural  numbers.  We 

use  braces  {,  }  in  several  different  kinds  of  expressions  -  in  application  expressions 
for  readability,  for  set  formation,  substitution  into  a  context,  Kleene  braces,  etc. 
Many  of  these  uses  have  already  appeared  in  Chapter  I.  They  will  be  pointed  out 
again  when  they  first  arise  officially.  There  should  be  no  confusion,  as  context  will 
always  determine  what  use  is  intended. 

Formal  theories  in  which  various  fragments  of  our  work  can  be  represented 
quite  naturally  are  given  in  Feferman  [1979,  1981,  1982].  In  particular,  the  defini¬ 
tions  of  the  domains  and  basic  computation  relations  of  Zum  can  be  carried  out 
in  FMO  [Feferman  1982]  (a  theory  of  inductive  definitions  with  the  proof-theoretic 
strength  of  primitive  recursive  arithmetic).  The  entire  work  of  chapters  IV,  V, 
and  VII  and  the  examples  of  Appendix  B  can  be  carried  out  in  FMl  [Feferman 
1982]  (an  extension  of  FMO  with  proof-theoretic  strength  of  Peano  arithmetic). 
The  work  on  comparison  relations  (Chapter  VI)  requires  stronger  theories  such 
as  Feferman  [1979]  or  Feferman  [1981].  These  latter  theories  treat  functions  and 
classes  as  intensional  objects.  It  is  unclear  how  far  one  can  go  in  such  theories  in 
formalizing  some  Eispects  of  extensionality  used  in  discussing  comparisons,  however 
this  is  a  very  small  part  of  the  work  on  comparisons. 

We  will  sometimes  use  the  terms  informal  and  formal  loosely  to  distinguish 
between  ideas  presented  by  picture  or  example  and  ideas  presented  using  precisely 
defined  structures  and  relations.  It  will  generally  be  the  case  that  formal  in  the 
sense  just  explained  will  be  a  large  step  towards  formal  in  the  logical  sense  of 
representation  within  a  formal  system. 


III.l.  What  is  a  function? 

As  pointed  out  in  Chapter  I,  there  are  two  interpretations  of  “function” .  Both 
involve  the  idea  that  a  function  prescribes  a  map  from  its  domain  A  to  its  range  B. 
One  interpretation  (the  intensional  view)  is  that  a  function  is  a  rule  for  obtaining 
a  value  in  B  given  an  argument  in  A.  The  other  interpretation  (the  extensional 
view)  is  that  a  function  is  a  graph,  i.e.  the  set  of  pairs  (a,  6)  in  AxB  such  that  a  is 
mapped  to  b  by  the  function.  Functions  were  originally  thought  of  as  rules  and  this 
view  is  maintained  in  constructive  mathematics.  In  recursion  theory  and  model 
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theory  the  extensional  view  is  generally  taken.  In  computer  science  literature  both 
interpretations  are  found  and  the  term  is  often  used  quite  ambiguously. 

For  many  purposes,  if  one  maintains  a  consistent  view,  it  does  not  matter 
which  view  is  taken.  The  differences  become  important  when  one  considers  such 
matters  as 

(i)  when  are  two  functions  to  be  considered  equal 

(ii)  what  is  the  space  of  functions  from  AXo  B  for  given  domains  A  and  B. 

While  ambiguity  is  not  always  a  defect,  in  Rum  we  must  say  what  we  mean,  as  we 
are  interested  in  questions  such  as  (i)  and  (ii) .  In  order  to  conform  with  modern 
usage  in  logic  and  mathematics  we  will  use  “function”  in  the  extensional  sense. 
We  use  \A  B\  to  denote  the  space  of  total  functions  from  AtoB  and  [.4  B] 
to  denote  the  space  of  partial  functions  from  A  to  B.  For  /o,/i  €.  [A  B], 

fo  Q  fi  means  that  fi  is  an  extension  of  /o,  i.e.  the  domain  of  /o  is  contained  in 
the  domain  of  /i  and  fo  and  fi  agree  on  the  domain  of  /o.  In  other  words,  □  is 
the  subset  relation  graphs  of  partial  functions. 


III.2.  Finite  sequences 

Finite  sequences  are  a  means  of  packaging  a  finite  collection  of  things  in  a 
given  order.  For  a  given  domain  A,  A*  is  the  domain  of  sequences  from  A.  o  is 
the  empty  sequence,  it  has  length  0.  If  vq  and  Vi  are  sequences  then  [vcwi]  is 
the  concatenation  of  vq  and  Ui.  Its  length  is  the  sum  of  the  lengths  of  vq  and  wi. 
The  length  of  a  sequence  v  is  denoted  by  |v|.  Formally  there  is  an  injection  map 
from  A  to  the  sequences  of  length  one  in  A*.  Informally  we  will  not  distinguish 
elements  from  singleton  sequences.  If  a  is  an  element  of  A  and  t;  is  a  sequence 
then  [a,t;]  is  a  non-empty  sequence;  1“‘  [o,  w]  is  a,  the  first  element;  and  r®‘  [a,  w] 
is  V,  the  remainder.  l®*o  is  o  and  is  o.  For  *  <  |w|,  uj.,-  is  the  element  of 
V.  In  particular,  ujo  =  v  and  =  (r®*  Concatenation  is  associative 

with  the  empty-sequence  as  right  and  left  identity.  We  write  [ui,  ...  ,  v^]  for  the 
concatenation  of  the  sequences  vi,  ...  ,t;n.  aisa  member  of  t;  (written  a  &  v) 
iff  V  is  [woj  <*»  vi]  for  some  sequences  vo,wi-  Since  A*  is  generated  from  the  empty 
sequence  and  elements  of  A  by  concatenation  we  may  make  definitions  and  proofs 
by  sequence  induction.  Figure  6  sunamarizes  the  facts  about  sequences. 
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Generation  of  A*  irom  A 

d€A*,  o€A*,  [t;o,vi]€A* 

Laws  for  sequences 

([ro,  »i],  1/2]  =  [vo,  [»i,  V2]]  [vo.d]  =  [o,  Vo]  =  □ 

|□|=0  |o|  =  l  |[vo,vi]|  =  |voI  + |vi| 

l*‘[o,v]  =  a  l*‘o  =  D  r‘‘[o,v]  =  v  r**o  =  o 

vio  =  l*‘v  vi<+i  =  (r**  v)i<  a  e  V  (3vo,vi)v  =  [vojO.vi] 

where  a  is  an  element  of  A  and  v,vo  ...  are  elements  of  A* 


Figure  6.  About  finite  sequences 


III.3.  Finite  maps 


Finite  maps  are  functions  with  finite  domains  that  are  presented  as  finite  sets 
of  argument  value  pairs  called  bindings.  For  domains  Ao  and  Ai,  [Aq  *>-  Ai]  is  the 
set  of  finite  maps  from  Aq  to  Ai,  generated  from  the  empty  map  by  the  binding 
operation.  The  empty  map  {}  is  given  by  the  empty  set  and  has  an  empty  domain. 
For  oo  £  Ao,  Cl  €  Ai,  and  ^  a  finite  map  from  Aq  to  Ai,  ^{oq  ai}  is  the  map 
obtained  from  f  by  binding  oi  to  oq.  The  domain  of  01}  is  obtained  from 

the  domain  of  ^  by  adding  co.  For  a  in  the  domain  of  ^{oq  ci}  we  have 


e(a) 


if  o  =  flo 
if  a  ^  ao. 


Two  finite  maps  are  equal  just  when  they  are  equal  as  functions.  Different  con¬ 
structions  may  give  rise  to  the  same  functions  since  old  bindings  are  forgotten. 

Given  a  distinguished  (default)  element  a*  of  Ai  each  finite  map  determines  a 
total  function  from  Aq  to  Ai  which  maps  elements  not  in  the  domain  of  the  finite 
map  to  a*.  We  use  [Aq  *>-  Aijo*  to  indicate  that  a  distinguished  element  o*  has 
been  fixed.  When  Ai  is  a  sequence  domain  we  often  take  the  empty  sequence  as 
the  distinguished  element. 

The  rules  for  generation  of  finite  maps  from  Aq  to  Ai  and  for  application  of 
finite  maps  are  summarized  in  Figure  7. 


Finite  inductive  generation  of  objects  and  relations 
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Generation  of  [Ao  Ai] 

{}  €  [Ao  *>-  Ai],  ^{<*0  fli}  €  [Ao  *>-  Ai] 

The  domain  of  a  finite  map 

dom({})  =  0  dom{^{ao  oi})  =  dom{^)  U  {ao} 

The  function  associated  with  a  finite  map  with  default  a* 

{}(ao)  =  a*  if  a  J  ao 

Equality  of  finite  maps  with  default 

^0  =  ^1  ^  (Va  6  dom(^o)  UdoTn(^i))(^o(o)  =  ^i(a)) 
where  ^,^o,^i  €  [Ao  *>-  Ai]  and  a,ao  €  Ao,  oi  €  Ai 

Figure  7.  About  finite  maps 


III.4.  Finite  inductive  generation  of  objects  and  relations 

Finite  inductive  generation  is  our  main  tool  for  defining  domains,  operations 
and  relations.  A  finitely  generated  domain  is  given  by  a  set  of  rules  for  constructing 
objects  in  the  domain.  The  interpretation  is  that  the  only  objects  in  the  domain 
are  those  obtained  by  a  finite  sequence  of  constructions.  The  generation  of  the 
finite  map  domain  over  domains  Aq,  Ai  is  an  example  of  our  presentation  of 
finitely  generated  domains.  The  rules  for  constructions  are  expressions  which 
implicitly  contain  the  information  as  to  the  construction  operation  and  its  type. 
In  addition,  rules  for  equality  may  given.  We  assume  that  objects  generated  by 
different  constructions  (named  by  different  terms)  are  different  unless  they  can 
be  proved  equal  using  the  rules  for  equality.  Abstractly  the  domains  we  consider 
are  freely  generated  algebras  modulo  an  equivalence  relation,  i.e.  they  are  initial 
algebras.  The  signature  of  the  algebra  can  be  read  from  the  construction  rules. 
For  inductively  generated  domains  we  have  principles  for  definition  and  proof  by 
induction  on  the  generation  of  objects  in  the  domain.  For  example  the  application 
laws  for  finite  maps  and  the  definition  of  the  domain  of  a  finite  map  are  defined 
by  finite  map  induction. 
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Many  of  the  relations  defined  in  our  world  are  given  by  inductive  definition 
as  well.  In  the  finitary  case  we  present  such  definitions  by  giving  a  set  of  rules 
(formulas)  for  determining  whether  a  given  tuple  is  in  the  relation.  Formally  the 
defined  relation  is  the  least  relation  (set  of  tuples)  satisfying  the  closure  conditions 
expressed  by  the  rules.  For  inductively  defined  relations  there  are  also  correspond¬ 
ing  principles  of  proof  by  induction. 

We  refer  the  reader  to  Feferman  [1982]  for  a  theory  of  finite  inductive  def¬ 
initions,  to  Goguen  and  Meseguer  [1983]  for  more  about  initial  algebras,  and  to 
Moschovakis  [1975]  or  Aczel  [1977]  for  a  general  theory  of  inductive  definitions. 


ni.5.  kum  data  structures 

We  are  concerned  with  computation  over  data  structures  belonging  to  a  class 
called  generalized  algebraic  data  structures.  Such  structures  consist  of  a  data 
domain  and  a  set  of  operations  that  act  on  sequences  from  the  domain.  It  is  the 
latter  that  distinguishes  these  structures  from  ordinary  algebraic  structures. 

We  use  2)  (plain  or  subscripted)  to  denote  a  data  structure.  We  assume  that 
2)  is  given  as  a  triple  (D,0,  ap)  where  D  is  the  data  domain;  O  is  a  set  of  (codes 
for)  data  operations;  and  ap  is  the  application  operation  which  applies  data  oper¬ 
ations  to  sequences  of  data.  If  o  is  a  data  operation  and  [oi, . . . ,  On]  is  a  sequence 
from  the  data  domain,  then  ap(o,  [oi, . . . ,  On])  is  the  result  of  applying  the  oper¬ 
ation  coded  by  o  to  [ai,...,On].  We  will  generally  omit  explicit  mention  of  the 
application  operation  and  use  ordinary  applicative  notation,  writing  o[oi, . . . ,  On] 
for  ap(o, [ai,...,an]).  We  czm  think  of  operations  having  a  variable  number  of 
arguments,  or  as  having  a  single  argument  which  is  a  sequence  of  arbitrary  finite 
length. 


II1.5.1.  The  trivial  data  structure 

One  data  structure  of  interest  is  the  structure  in  which  the  data  domain  is 
empty  and  the  only  operation  is  Triv,  which  maps  the  empty  sequence  to  the  empty 
sequence.  We  will  denote  this  structure  by  ©0.  Thus 


2)0  =  (0,{Triv},{(Triv,D,D)}). 
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Sort 

Constructor  Constructor 
Domain 

Recog¬ 

nizer 

Uncon¬ 

structor 

Notation 

Dtero 

ZeroMk 

{}* 

ZeroP 

ZeroMk(o)  =  0 

Dneg 

Subl 

Dneg  ®  Dzero 

NegP 

Addl 

Subl(^:)  =  z-l 

Dpos 

Addl 

Dpos  ©  D»ero 

PosP 

Subl 

Addl(z)  =  z  -f  1 

Dstr 

StrMk 

Dr„t 

StrP 

StrUn 

StrMk[zi,...,z„] 

Dmtl 

MtIMk 

{}• 

MtIP 

MtlMk(o)  =  Mtl 

Dpair 

PairMk 

Diexp  ®  Dsexp 

PairP 

PairUn 

PairMkfoi,  02] 

• 

vH 

II 

where 

Zx  y  .  .  •  Zf% 

ranges  over  Dint  = 

Dneq  ®  D^ero  ®  Dpos 

a, 

,  ranges  over  Dsexp 

—  Dint  ®  Dstr  ®  Dmtl  ®  Dpair 

Lists: 

<>; 

a  •  <Oi,...,On>  = 

<a,oi,... 

,On> 

Figure  8.  The  S-expression 

data  structure 

III.5.2.  The  S-expression  data  structure 

The  S-expression  data  structure  JDsexp  =  (DsexpjOsexpjOPggxp)  typical  of 
the  data  structures  we  have  in  mind.  It  contains  a  variety  of  data  construction 
primitives  and  provides  an  abstraction  of  the  algebraic  aspects  of  data  structures 
commonly  used  in  symbolic  computation.  S-expression  operations  and  notation 
are  sununarized  in  Figures. 

The  elements  of  the  S-expression  domain  Dgexp  are  of  four  sorts:  Dmtii  Dint, 
Dgtr,  and  Dpair*  Dmtl  contains  a  single  object,  the  empty  list;  the  elements  of  Dint 
are  the  integers;  the  elements  of  Dgtr  are  strings  of  integers;  and  Dpair  consists  of 
pairs  of  S-expressions.  To  describe  the  generation  of  Dgexp,  we  split  Dint  into  three 
sorts:  Dneg  -  the  negative  integers;  Dzero  -  the  integer  0;  and  Dpos  -  the  positive 
integers. 

The  S-expression  operations  Ogexp  are  constructors,  unconstructors,  and  rec¬ 
ognizers  for  each  of  the  sorts.  Dgexp  is  freely  generated  by  the  construction  opera¬ 
tions  applied  to  suitable  sequences  of  S-expressions.  Dzero  is  generated  by  ZeroMk 
applied  to  the  empty  sequence;  Dneg  is  generated  by  Subl  applied  to  non-positive 
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integers;  and  Dpos  is  generated  by  Addl  applied  to  non-negative  integers.  Dmti  is 
generated  by  MtlMk  applied  to  the  empty  sequence;  Dstr  is  generated  by  StrMk 
applied  to  sequences  of  integers;  and  Dpair  is  generated  by  PairMk  applied  to  S- 
expression  sequences  of  length  2. 

An  unconstructor  applied  to  an  element  of  the  corresponding  sort  returns  the 
sequence  from  which  that  element  was  constructed.  PairUn  is  the  unconstructor 
for  pairs  and  StrUn  is  the  unconstructor  for  strings.  Addl  serves  as  the  uncon¬ 
structor  for  negative  integers,  and  Subl  as  the  unconstructor  for  positive  integers. 
[Unconstructors  for  singleton  domains  are  omitted.] 

A  recognizer  applied  to  an  element  of  the  sort  that  it  recognizes  returns  that 
element.  The  recognizer  for  D^eg  is  NegP;  for  Dzero  is  ZeroP;  for  Dpos  is  PosP;  for 
Dstr  is  StrP;  for  Dmti  is  MtIP;  and  for  for  Dpair  is  PairP. 

A  constructor  applied  to  a  sequence  not  in  its  construction  domain  and  an 
unconstructor  or  recognizer  applied  to  anything  other  than  a  data  element  of  the 
corresponding  sort  return  the  empty  sequence. 

We  use  the  usual  notation  for  integers,  ...  —  2, —1,0, 1,2,  ....  We  write 
”zo, . . . ,  Zm"  for  StrMk[zo,  •  •  •  >  «m]  and  a  •  6  for  PairMk[a, b].  The  following  equa¬ 
tions  illustrate  the  laws  for  data  operations: 

StrMk[zi,...,Zn]  = PairP('*zi,...  ,Zn")  =  ° 
StrP("zi,...,Zn")  =  PairUn("zi, . . . ,  Zn")  =a 

StrUn(''zi,...  ,Zn")  =  [zi,...,z„]  Add^^zi, . . .  ,z„")  =□ 

Lists  axe  the  subset  of  S-expressions  generated  from  the  empty  list  by  pairing 
arbitrary  S-expressions  with  lists.  <>  is  the  empty  list  and  we  write  <ai  . . .  a„> 
for  ai  •  (. ..  (a„  •  <>)...).  Lists  are  an  important  data  structure  for  symbolic 
computation.  They  provide  a  natural  encoding  for  both  sequences  and  tree  struc¬ 
tures. 

Remarks 

•  Our  version  of  the  S-expressions  has  usual  data  domain;  what  is  different  is 
our  presentation  and  choice  of  primitive  operations. 

•  2)sexp  is  the  “standard”  encoding  domain  for  the  metamathematics  of  Rum. 
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III.6.  Tree  structures 

Although  intuitively  we  think  of  tree  structures  in  terms  of  pictures,  it  is 
useful  to  provide  mathematical  structures  having  the  essential  properties  of  these 
intuitive  structures.  We  formalize  tree  structures  using  tree  domains  and  labeling 
functions.  A  tree  domain  A  is  a  set  of  sequences  of  numbers  (called  nodes)  such 
that  if  [u,j\  is  in  A  then  i/  is  in  A.  T  is  the  set  of  tree  domains.  A  tree  domain 
may  be  finite  or  infinite.  |A|  is  the  cardinality  of  A.  A  tree  structure  of  type 
<Ai, . . . ,  An>  is  a  tuple  <  A,  /i , . . . ,  /n>  where  A  is  a  tree  domain  and,  for  1  <  t  <  n, 
fi  is  a  function  with  domain  contained  in  A  and  range  Aj.  T  :  <Ai, . . . ,  An>  is  the 
set  of  tree  structures  of  type  <Ai, . . . ,  An>.  Thus  we  have 

T  =  {A  C  N*  I  \uj]  €  A  J/  €  A} 
df 

T  :  <Ai, . . . ,  An>  = 

df 

{<A,/i, . . .  fn>  I  A  G  T  A  /i  G  [A  Ai]  A  ...  A  /n  G  (A  An]} 

For  T  =  <A,/i,...,/„>,  A  is  called  the  domain  of  r  and  /,•  the  t-th  labeling 
function. 

There  is  a  simple  correspondence  between  tree  structures  and  pictures  of  trees 
such  as  the  computation  stages  shown  in  §11.1  (Figures  1,  2,  3).  The  elements  of 
the  tree  domain  code  paths  to  nodes  in  a  tree  shaped  graph,  and  each  labeling 
function  associates  a  label  to  the  nodes  of  its  domain. 

The  main  operations  and  relations  on  tree  structures  which  are  of  interest 
for  our  work  are  the  subtree  operation,  replacement,  union  of  a  set  of  compatible 
trees,  and  the  containment  relation.  In  the  following,  let  t  =  < A,..., /,,...>, 
To  —  <Ao, . . . ,  /o,*,  be  tree  structures  of  type  <Ai, . . . ,  An>.  It  is  easy  to  see 

from  the  definitions  that  the  operations  give  tree  structures  of  type  <Ai, . . . ,  An>. 

>  Subtree.  For  in  A,  the  subtree  at  t/  in  r  (written  rj.,,)  is  defined  by 

tJ.  (/  =  A J,  1/ . . .  fx\.  1/ , . 
where 

=  and  /44*'o)  =  ifht'ojeA 

^  undefined  otherwise 
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>  Replacement.  For  i/  in  A,  the  result  of  replacing  the  subtree  at  u  by  tq 
(written  T{y  ro})  is  defined  by 

t{u  To}  =  < A{i/  Ao}, . . . ,  fiii'  /o,t},  •  •  •> 
where 

A{z/  Ao}  =  {[u,  I'd]  I  I/O  e  Ao}  U  (A  -  A|  i,) 
and 

f  /o.lWo)  if  "1  =  K>'o|  A  I/O  €  Ao 

/({«/  -*■  /o,. •}(>/■)  =  \  fiWi)  if  1/1  €  (A  -  Ai  J 

V  undefined  otherwise 

>  Containment,  tq  is  contained  in  r  (written  To  C  r)  if  Ao  is  a  subset  of  A, 
and  /o,t  E 

>  Union.  Let  T"  be  a  set  of  tree  structures  of  type  <Ai, . . . ,  An>.  T  is  compatible 
if  for  each  pair  of  trees  in  T,  corresponding  pairs  of  labeling  functions  agree  on 
their  common  domain.  For  such  T  we  define  the  union  (UT)  to  be  the  minimal 
tree  structure  containing  every  element  of  T. 

UT  =  <  Aur»  •  •  •  5  /ur,«,  •  •  •> 
where 

Aur  =  I  (3<A..., €  T)[y  G  A)} 

,  /  \  _  /  fi{y)  if  <A  6  r  and  u  G  dom{fi) 

}uT,i  (I')  -  I  un^jefined  if  (V<  A  G  T)  (i/  ^  dom  ( A) ) 

Note  that  compatibility  assures  that  this  definition  determines  a  well  defined  tree 
structure,  and  r  G  T  implies  r  C  uT. 


III.7.  About  binary  relations 

This  section  contains  a  summary  of  basic  notions  about  binary  relations.  Let 
A  be  a  domain,  Ao  a  subdomain  of  A.  Binary  relations  on  A  are  subsets  of 
A  X  A,  and  as  such,  inherit  the  operations  and  properties  of  sets  of  pairs.  We  will 
generally  write  oq  p  Oi  for  (co,  oi)  6  P-  The  following  is  a  summary  of  definitions 
of  standard  operations  and  relations  on  binary  relations  that  we  will  need  for  our 
work,  a,  ao,  ai  range  over  elements  of  A;  p,  po,  pi  range  over  binary  relations  on 
A.  r  denotes  a  set  of  binary  relations  on  A. 

>  Subrelation;  po  C  pi  oo  Po  <*1  “o  Pi  oi 
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>  Suprelation:  poO  pi  piCpo 

>  Equality:  po  =  Pi  Po  C  pi  A  po  D  pi 

>  Restriction:  oo  pCAol  oi  *->■  oq  G  Aq  A  ci  G  Ao  A  oq  p  ci 

>  Inversion:  cq  p~  ci  ai  p  ao 

>  Composition:  ao(Po  °  Pi)fli  ^  {3a2)(ao  Po  ^2  A  02  pi  ui) 

>  Union:  ao{ur)ai  (3  pG  r)(ao  P  oi) 

>  Intersection:  ao(nr)ai  (V  pG  r)(ao  p  ci) 

>  Inversion  Closure:  p'^  =  pH  p~ 

df 

>  Transitive  Closure:  p"^  is  the  least  relation  such  that 

Oo  P  fli  — »  Oo  p"*"  oi  and  oq  P"*"  oi  A  oi  p  02  — oo  p'^  02 

>  Transitive  Reflexive  Closure:  p*  is  the  least  relation  such  that 

a  p*  a  and  co  p*  oj  A  ai  p  02  — oo  p*  02 

>  Transitive  Union:  WF  =  (UF)* 

>  Properties  and  operations  on  sets  of  relations:  If  ^  is  an  operation  on 
binary  relations  we  write  tf(F)  for  {^(p)  |  p  G  F}  and  if  0  is  a  property  of  binary 
relations  we  write  ©(F)  for  (Vp  G  F)©{p). 
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In  this  chapter  we  describe  the  world  of  tree-structured  computation.  The  ba¬ 
sic  computation  primitives  eire:  getting  a  value  from  the  computation  environment; 
pfn  generation;  application  of  a  data  operation  to  a  data  sequence;  application  of 
a  pfn  to  a  sequence  from  the  computation  domain;  conditional  based  on  a  test 
for  the  empty  sequence;  generation  of  the  empty  sequence;  concatenation  of  se¬ 
quences;  and  selection  of  elements  from  sequences.  Computation  is  a  process  of 
generating  computation  trees. 

In  §1  the  underlying  algebraic  structure  for  this  fragment  of  Hum  is  described. 
In  §2  the  rules  for  computation  are  given.  They  are  interpreted  informally  as 
rules  for  generating  computation  trees,  then  formally  as  defining  the  evaluation, 
subcomputation,  and  reduces-to  relations  on  descriptions.  Viewing  computation 
rules  as  rules  for  generating  computation  trees  provides  information  about  the 
process  of  computation  and  about  the  structures  generated  in  this  process.  The 
computation  relations  provide  a  basis  for  expressing  and  proving  properties  of 
computation.  Additional  relations  useful  for  expressing  properties  of  computation 
are  also  defined.  Some  basic  facts  about  the  computation  relations  are  given, 
including  a  computation  induction  theorem  and  theorems  expressing  the  sense  in 
which  the  two  interpretations  of  the  computation  rules  are  equivalent. 

In  the  remainder  of  the  chapter  we  begin  the  work  in  Hum,  defining  pfns 
and  stating  some  simple  properties.  We  focus  mainly  on  pure  pfns,  which  are 
the  pfns  common  to  all  Hum  worlds.  In  §3  notation  and  conventions  for  working 
in  Hum  are  given.  In  §4  we  build  a  small  library  of  pfn  definitions.  We  begin 
with  a  collection  of  combinatory  pfns  -  pfns  defined  using  only  the  abstraction 
and  application  computation  primitives.  These  examples  illustrate  how  the  stan¬ 
dard  sorts  of  combinators  are  represented  by  pfns.  They  also  illustrate  additional 
properties  that  can  be  expressed  in  Hum  and  point  out  differences  between  Hum 
and  traditional  recursion  and  computation  theories.  The  main  result  is  the  recur¬ 
sion  theorem  for  Hum  which  gives  a  recursion  pfn  that  computes  computationally 
minimal  fixed  points.  Using  the  recursion  pfn  and  sequence  primitives,  pfns  are 
defined  that  describe  some  standard  computation  schemes  which  are  naturally  for¬ 
mulated  as  recursion  on  sequences.  In  §5  pfns  describing  additional  operations  on 
S-expressions  are  defined.  This  provides  concrete  examples  of  computing  in  Hum, 
illustrates  the  use  of  pfns  from  the  pfn  library,  and  sets  the  stage  for  further  work 
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in  the  S-expression  world.  In  §6  we  show  how  streams  can  be  represented  in  Hum 
and  give  examples  of  operations  on  streams  and  properties  characterizing  streams. 

The  point  of  these  examples  is  to  give  the  reader  experience  working  in  Hum, 
to  develop  some  intuitions  about  Hum  computation,  2uid  to  give  a  sample  of  the 
variety  things  to  be  said  about  and  done  with  pfns.  More  substantial  examples 
are  given  in  Appendix  B. 


IV.l.  The  objects  of  Hum 

There  are  several  Hum  worlds  including  the  world  of  tree-structured  computa¬ 
tion  {t-Hum)  and  the  world  of  sequential  computation  (s-^um).  The  raw  materials 
for  a  Hum  world  are  a  set  of  symbols  §y  and  a  data  structure  T).  Data  structures 
were  discussed  in  §111.5.  For  the  present,  symbols  are  just  atomic  entities  that  serve 
as  identifiers.  We  assume  there  are  countably  many  symbols.  The  objects  making 
up  a  Hum  world  are  inductively  generated  uniformly  from  the  given  structures. 
The  inductive  definition  has  essentially  the  same  form  for  ezw:h  world,  the  differ¬ 
ences  being  addition  or  omission  of  clauses  in  the  definition.  The  sorts  of  objects 
maJcing  up  a  Hum  world  are  summarized  in  Figure  9.  In  this  section  we  discuss 
those  objects  needed  for  tree-structured  computation.  The  remaining  objects  are 
used  only  in  sequential  computation  and  will  be  discussed  in  §V.l.  To  simplify 
notation,  we  fix  certain  variables  to  range  over  most  sorts  of  objects.  For  example, 
f  ranges  over  F,  the  set  of  forms.  This  in  indicated  in  Figure  9  by  f  e  F.  A  variable 
with  a  subscript  ranges  over  the  same  sort  as  the  unsubscripted  variable.  Thus  fo 
and  fihs  also  range  over  F.  In  logical  formuleie,  quantifiers  are  to  be  interpreted  as 
quantifying  over  the  range  of  the  variables  being  quantified.  Thus  (Vf)  means  “for 
all  forms  f* . 

Since  constructions  are  uniformly  parameterized  by  the  data  structure  and 
the  set  of  symbols  §y,  we  should  refer  to  ^uw(2(,Sy),  F(a?,Sy)>  etc.  However,  we  will 
generally  work  with  a  fixed  set  of  symbols  and  a  fixed  data  structure  and  omit 
explicit  mention  of  these  parameters.  In  addition,  the  interpretation  of  domain 
symbols  such  as  F  and  the  range  of  the  variable  symbols  of  that  sort  depends  on 
which  world  we  are  working  in.  To  refer  to  a  particular  world  we  use  a  qualifier; 
t-  for  the  world  of  tree-structured  computation  and  s-  for  the  world  of  sequential 
computation.  For  example  elements  of  t-F  are  the  forms  of  t-Hum  and  when 
working  in  i-Hum  (Vf)  means  for  all  forms  in  t-F.  Generally  we  work  in  a  fixed  world 
and  the  qualifier  is  omitted.  In  this  chapter,  since  we  are  working  in  the  world 
of  tree-structured  computation,  Hum  is  interpreted  as  t-Hum,  F  is  interpreted  as 
t-F,  etc. 
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Name 

Notation 

Description 

Data 

D 

domain  of  the  given  data  structure 

d€D* 

sequences  of  data 

Operations 

0  6  O 

operations  of  the  given  data  structure 

Symbols 

s  €  Sy 

for  naming  values 

Forms 

f€F 

symbolic  descriptions  of  computation 

Environments 

finite  maps  that  bind  values  to  symbols 

Dtrees 

H  G  Dt 

descriptions  of  particular  computations 

Pfns 

V?  E  P 

descriptions  of  partial  functions 

Computation 

Domain 

0  G  V 

data,  data  operations,  pfns,  continuations 

Values 

u,ve\* 

sequences  from  the  computation  domain 

Stages 

r  G  O 

partial  computation  trees 

Continuations 

'y  G  Co 

descriptions  of  computation  contexts 

States 

?G  & 

stages  of  sequential  computation 

Figure  9. 

Objects  and  notation 

rv.1.1.  Forms  for  tree-structured  computation 

Forms  are  the  basic  syntactic  entities  of  Jium.  They  serve  as  symbolic  descrip¬ 
tions  of  computation  and  also  as  terms  in  a  language  for  expressing  properties  of 
the  computation  domain.  Forms  are  freely  generated  over  the  set  of  symbols  by 
the  construction  rules  given  in  Figure  10.  A  form  is  either  a  symbol  or  constructed 
using  A,  app,  if,  mt,  cart,  fst,  rst.  Each  construction  corresponds  to  a  computation 
primitive,  as  indicated  in  Figure  10. 

The  construction  rules  are  presented  as  expressions  from  which  we  read  off 
such  information  as  the  official  notation,  the  type,  and  names  of  components  of 
the  corresponding  construction.  The  rule  (mt)  says  that  mt  is  a  form.  From  the 
rule  (app)  we  see  that  app(ffun)farg)  is  the  form  constructed  by  applying  the  app 
constructor  operation  to  the  forms  ffun  and  farg-  We  also  read  from  (app)  that 
app  €  [F  X  F  F],  the  first  argument  for  app  is  the  fun-component,  and  the 
second  argument  is  the  arg-component.  A  form  constructed  according  to  the  rule 
(app)  is  called  an  app-form.  From  the  rule  (lam)  have  A  €  [Sy  x  F  F]. 

Two  forms  are  equal  exactly  when  they  have  the  same  construction.  A  is  a 
binding  construct.  Bound  and  free  symbols  in  forms  are  determined  in  the  usual 
manner,  with  free  occurrences  of  s  in  f  bound  by  the  outer  A-construction  in  A(5)f. 
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Rule 

Form 

Computation  Primitive 

(sym) 

s 

naming  values 

(lam) 

A(tfarg)fbody 

pfn  generation 

(app) 

3PP(ffun  j  f»rg) 

application 

(if) 

(fte«t )  fthen  >  felse) 

conditional  choice  of  subcomputation 

(mt) 

mt 

empty  sequence  generation 

(cart) 

Cart(fih8)  frhs) 

sequence  concatenation 

(fst) 

'fSt(fBeq) 

selection  of  first  element  of  a  sequence 

(rst) 

rSt(fieq) 

selection  of  remainder  a  sequence 

Figure  10.  Forms 

frees (f)  is  the  set  of  symbols  occurring  free  in  f  and  flj^  is  the  result  of  replacing 
free  occurrences  of  «  in  f  by  fo  (with  renaming  of  bound  symbols  in  f  if  necessary 
to  avoid  trapping  of  free  symbols  in  fo). 

IV.1.2.  Semantic  domains  for  tree-structured  computation 

The  remaining  sorts  of  objects  in  t-^um  are  dtrees,  pfns,  environments,  the 
computation  domain,  and  computation  stages.  They  are  semantic  entities  in  the 
sense  that  they  are  used  to  provide  interpretations  of  forms.  Computation  stages 
will  be  discussed  in  §2,  The  remaining  objects  are  generated  from  forms  and  the 
given  data  and  data  operations  by  a  mutual  inductive  definition.  The  domains 
generated  are  (isomorphic  to)  the  minimal  solutions  to  the  following  equations, 

modulo  some  additional  rules  for  equality  (=)  which  will  be  explained  below. 

(dtree)  Dt  ~  (F  x  E)^  ©  (O  x  D*) 

(pfn)  P  ~  (§y  X  F  X  E)£ 

(environment)  E  ~  [§y  *>-  V*]a 

(computation  domain)  V  ~  D  ©  O  ©  P 

•  Dtrees.  The  dtree  equation 


IDt  =  (F  X  E)^  ©(Ox  D*) 
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says  that  a  dtree  is  constructed  either  from  a  data  operation  and  a  data  sequence, 
or  from  a  form  and  an  environment. 

Data  application  dtrees.  We  call  a  dtree  constructed  from  a  data  operation 
and  a  data  sequence  a  data  application  dtree.  o* d  is  the  data  application  dtree 
constructed  from  the  data  operation  o  and  the  data  sequence  d. 

Closure  dtrees.  We  call  a  dtree  constructed  from  a  form  and  an  environment 
a  closure  dtree.  The  closure  of  the  form  f  in  the  environment  ^  is  written  (f  I  0- 
The  closure  operation  constructs  a  finite  tree  structure  in  which  free  symbols  of 
the  form  are  replaced  by  value  nodes  containing  the  value  bound  to  the  symbol  in 
the  environment  (the  empty  sequence,  if  the  symbol  is  not  explicitly  bound  in  the 
environment).  A-bound  symbols  are  replaced  by  binding  arrows  pointing  to  the 
binding  node.  Thus  dtrees  contain  no  symbols.  The  computation  environment  of 
a  dtree  is  the  set  of  value  nodes  of  the  dtree,  each  such  node  being  associated  with 
the  value  occiirring  at  that  node. 

Closure  dtrees  are  generated  freely  from  value  nodes  by  constructions  corre¬ 
sponding  to  the  form  constructions  and  are  classified  according  to  these  construc¬ 
tions  (see  Appendix  A).  For  non-binding  constructions,  the  dtree  components  are 
the  corresponding  form  components  closed  in  the  same  environment.  For  exam¬ 
ple,  (app(ffun,f  arg)  I  e>  is  an  app-dtree.  It  has  fun-component  (ffun  I  0 
axg-component  (farg  I  ^)- 

Dtree  equality.  Two  dtrees  are  equal  only  if  they  are  both  data  application 
dtrees  or  both  closure  dtrees.  Two  data  application  dtrees  axe  equal  iff  the  corre¬ 
sponding  components  are  equal.  The  closures  of  different  form  environment  pairs 
may  be  equal  dtrees.  This  corresponds  to  the  fact  that  two  form  environment  pairs 
may  be  different,  but  still  describe  the  same  computation.  Two  closure  dtrees  are 
equal  just  when  they  describe  the  same  computation.  The  main  point  of  intro¬ 
ducing  the  closure  construction  is  to  capture  this  notion  of  equality.  For  example, 
form  environment  pairs  that  differ  by  renaming  of  environment  bound  symbols  (i) 
and  (ii),  renaming  of  A-  bound  symbols  (iii),  or  modifying  bindings  of  symbols  not 


free  in  the  form  (iv)  describe  the  s 

same  computation. 

(i) 

<x  U>  =  <y  I  C>  if  ^(x) 

=  £(y) 

(ii) 

{cart(x,x)  1  0  =  (cart(x,y) 

10  = 

(cart(z,z)  1  £)  if  ^(x)  =  Oy)  =  0^) 

(iii) 

(A(x)app(f,x)  1  C)  =  (A(y)a 

pp(f,y) 

10 

(iv) 

(x  U)  =  (x  1  ^{y  ^  t;» 

The  equivalence  =  on  form-environment  pairs  is  generated  by  renaming  of  A  and 
environment  bound  symbols  and  by  modifying  bindings  of  symbols  not  free  in  the 
form  and  corresponds  exactly  to  closure  dtree  equality.  Thus  equality  of  dtrees 
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given  as  closures  can  be  determined  with  out  knowing  the  details  of  dtree  structure. 
(This  equivalence  is  defined  precisely  in  Appendix  A.) 

Since  only  the  values  of  symbols  free  in  f  are  relevant  in  a  closure  dtree  we 
may  replace  the  environment  component  by  a  list  of  bindings  for  the  free  symbols 
of  f.  If  there  are  no  free  symbols  we  may  forget  the  environment  entirely.  For 
example,  we  write  (x  I  x-<-  ^(x))  for  {x  |  0  and  A(x)x  for  (A(x)x  I  ). 

•  Ffns.  The  equation  for  pfns 

P  =  (Sy  X  F  X  E)^ 

says  that  each  pfn  is  constructed  from  a  symbol,  a  form  and  an  environment.  We 
write  (A{5arg)fbody  I  0  the  pfn  constructed  from  Sarg,  fbody  and  £.  Sarg  is  the 
pfn  argument  symbol,  fbody  is  the  pfn  body,  and  ^  is  the  pfn  environment.  We  call 
this  the  abstraction  of  fbody  with  respect  to  Sarg  in  Structurally,  pfns  are  just 
A-dtrees,  thus  pfn  equality  is  dtree  equality  restricted  to  pfns.  Note  that,  as  for 
dtrees,  the  same  pfn  may  be  given  by  many  different  symbol,  form,  environment 
triples. 

We  extend  the  application  notation  to  pfns  by  defining 

(AWfiO'o  = 

at 

We  say  that  an  expression  V{*  Vg^  is  well-formed  if  Uf  is  a  data  operation  and  Ua  is 
a  data  sequence  or  if  Uf  is  a  pfn. 

Although  structurally  pfns  and  dtrees  are  the  same,  they  play  different  roles 
as  descriptions  of  computation.  The  dtree  (A(sarg)fbody  I  0  describes  the  prim¬ 
itive  computation  which  returns  the  pfn  (A(«arg)fbody  I  0  value.  The  pfn 
(A(5arg)fbody  I  0  describes  a  family  of  computations  (A(sarg)fbody  I  C)  ^  t'*  In 
general  the  context  determines  which  interpretation  is  intended.  The  need  for  a 
formal  distinction  will  become  clearer  when  we  discuss  machine  structures  and 
morphisms  in  Chapter  VII. 

•  £nvironments.  The  equation  for  environments 

E  =  [§y  V*]„ 

says  that  environments  are  the  set  of  finite  maps  from  symbols  to  values  with 
default  the  empty  sequence.  Thus  environments  are  generated  according  to  the 
rules  for  finite  maps  given  in  §111.3.  Note  that  the  empty  environment  {}  maps 
each  symbol  to  the  empty  sequence. 
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«•  The  computation  domain.  The  equation  for  the  computation  domain 

V  =  D  ©  0©P 

says  that  the  computation  domain  V  consists  disjointly  of  data,  data  operations, 
and  pfns.  Finite  sequences  from  the  computation  domain  (elements  of  V*)  are 
called  values.  They  are  generated  according  to  the  rules  for  finite  sequences  given 
in  §111.2. 

IV.2.  Rules  for  tree-structured  computation 


IV. 2.1.  Computation  primitives 

Each  sort  of  form  corresponds  to  a  basic  computation  primitive.  The  com¬ 
putation  described  by  a  form  relative  to  a  computation  environment  applies  the 
corresponding  primitive  using  results  of  subcomputations  as  parameters.  A  sym¬ 
bol  6  describes  looking  up  its  value  in  the  computation  environment.  A  lam-form 
A(fiarg)fbody  describes  generation  of  the  pfn  given  by  the  symbol  Sarg>  the  form 
fbody  and  the  computation  environment.  An  app-form  app(ffunjfarg)  describes 
the  application  of  the  result  of  the  fun-subcomputation.  to  the  result  of  the  arg- 
subcomputation.  If  the  fun-subcomputation,  described  by  ffum  returns  value  Vfun 
and  the  arg-subcomputation,  described  by  farg?  returns  value  Varg  then  the  com¬ 
putation  proceeds  by  carrying  out  the  computation  described  by  Vfun'warg  (if 
well-formed),  returning  the  value  returned  by  this  subcomputation,  (if  any).  An 
if-form  if(ftest,fthen,fel8e)  describes  a  test  ftest  and  two  branch  subcomputations. 
The  test-subcomputation  is  carried  out  first.  If  the  value  returned  by  the  test- 
subcomputation  is  a  non-empty  sequence  (resp.  the  empty  sequence)  then  compu¬ 
tation  proceeds  by  carrying  out  the  then-  (resp.  else-)  subcomputation,  returning 
the  value  returned  by  this  subcomputation,  (if  any).  The  form  mt  generates  the 
empty  sequence.  A  cart-form  cart(fihs»frh8)  describes  concatenation  of  results  of 
the  Ihs-  and  rhs-subcomputations.  (Think  of  carrying  around  a  collection  of  things 
lined  up  in  a  “cart”.)  A  fst-form  fst(f8eq)  describes  selecting  the  first  element  of 
the  sequence  returned  by  fgeq  and  a  rst-fbrm  rst(fseq)  describes  selecting  the  rest 
of  the  sequence  returned  by  fseq. 

IV.2.2.  Generation  of  computation  trees 

Figure  11  gives  the  rules  for  tree-structured  computation.  These  rules  make 
precise  the  informal  description  of  computation  given  above.  The  rules  are  pre¬ 
sented  as  logical  formulae  and  can  be  interpreted  as  clauses  of  an  inductive  defini¬ 
tion  of  the  relation  symbols  and  This  interpretation  will  be  elaborated 
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Return  Rules  /  The  Evaluation  Relation:  €  [HJt  V*] 

(sym) 

(HO--  e(«) 

(lam) 

<A(Of  1  0  --  (A(«)f  1  0 

(dapp) 

o*d 

•-*  o(d) 

(mt) 

mt  —  □ 

(cart) 

(flha 

1  ‘ ^  Vlh*  ^  (frhs  1  VrhB  ^  {cart(fihs,  frhs)  1  [vihsjVrhs] 

(fst) 

(f*eq 

1  0  --  Vteq  ->■  (fSt(f,eq)  1  0  («»eq) 

(rst) 

(faeq 

1  ()  ^  Vseq  (^'St(fscq)  1  0  ^  (^Bcq) 

(ret) 

i,DoADo--v— 

Reduces-to  Rules:  €  [Dt  ^  Dt] 

(app) 

(ffun  1 

0  Vfun  A  (farg  1  ^arg  ►  (S PP(ffun ,  farg 

)  1  0  Vfun  Varg^ 

(if) 

(ftest  1 

f)  ti  — ►  (if  (ftest)  fthen>  felse)  1  C)  ^  ||  j  | 

U)  if«#o 
if  «  =  o 

Begin  Rules  /  The  Subcomputation  Relation:  ■< 

4  C  [IDt  X  Eh] 

(if.test) 

(ftest  1  (if  (ftest)  ftheri)  felse)  1  0 

(app  .fun) 

(ffun  1  f)  *^1.  (3PP(ffun)  farg)  1  0 

(app.arg) 

(farg  1  (3pp(ffun)farg)  1  0 

(cart.lhs) 

(flhs  1  (C3rt(fih8)frhs)  1 

(cart.rhs) 

(frhi  1  (cart(fih.,frhi)  1 

(fst.seq) 

(f.e<,  1  0  <fSt(f.eq)  1  0 

(rst.seq) 

(fseq  1  f)  “<1  (*'St(fseq)  1  f) 

(redt.beg) 

d  Z>o  — ►  ^0  5 

^  if  Wfun  ^  Varg  is  Well-formed  -  Vfun  €  O  A  Varg  S  2D*  or  Vfun  €  P. 

Figure  11.  Rules  for  tree-structured  computation 
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below.  First  we  explain  briefly  the  interpretation  of  the  computation  rules  as  rules 
for  generating  computation  trees  and  give  pictures  for  two  simple  examples.  Our 
intent  is  simply  to  provide  geometric  intuition  for  the  structure  computation  trees 
and  for  intensional  properties  of  computations  carried  out  by  generating  compu¬ 
tation  trees.  The  mathematical  structures  representing  computations  trees  and 
operations  on  these  structures-  are  defined  in  Appendix  A. 


:  >— ♦  : 

*  V  i 

•  V 

•  —  • 

• 

.  ^  '  • 

/'...\ 

Initial  stage 

(a) 

Begin  subcoxnputation 

Z)o  ~^i,  ZJ 

Return  value 

Z>  v 

(b) 

(c) 

Figure  12.  Generating  computation  trees 

Computation  trees  axe  generated  by  stepwise  extensions  of  partial  computa¬ 
tion  trees,  called  computation  stages.  A  computation  stage  is  a  finite  tree  struc¬ 
ture.  Each  node  is  labeled  by  the  dtree  describing  the  subtree  below  that  node. 
The  root  of  a  completed  subtree  is  also  labeled  by  the  value  returned  by  that 
subcomputation.  The  initial  stage  of  the  computation  described  by  Z)  is  a  single 
node  with  dtree  label,  Z>  -  Figure  12  (a).  There  are  two  sorts  of  steps  -  begin  a 
subcomputation  (apply  a  begin  rule)  and  return  a  value  (apply  a  return  rule).^ 
A  begin  rule  Z>o  applies  at  a  node  labeled  Z>  if  the  rule  has  not  been  used  at 
that  node.  The  subcomputation  is  begun  by  adding  a  new  successor  node  below 
the  given  node.  The  new  node  is  labeled  by  the  dtree  Z)o  -  Figure  12  (b).  A  return 
rule  with  conclusion  Z>  ♦  w  applies  at  a  node  labeled  Z)  if  the  immediate  subcom¬ 
putations  mentioned  in  the  rule  premiss  have  returned  values  matching  those  in 
the  premiss.  A  value  is  returned  at  a  node  by  adding  it  as  the  value  label  of  that 
node  -  Figure  12  (c).  Each  reduces-to  rule  combines  with  the  rule  (redt.beg)  to 


^  This  is  analogous  to  the  classification  of  instructions  given  by  Wegner  [1972]  (see 
§1.4)  for  transformations  on  VDL  computation  states.  Begin  rules  correspond  to  macro 
instructions  and  return  rules  correspond  to  value  instructions. 
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give  a  begin  rule  and  with  (redt.ret)  to  give  a  return  rule  (transitivity  of  impli¬ 
cation).  The  arc  leading  to  a  reduced-to  subcomputation  may  be  labeled  by  with 
the  reduces- to  sign  for  emphasis. 

The  computation  tree  for  a  dtree  t)  is  the  limit  of  the  stages  reachable  from 
the  initial  stage  by  extensions  according  to  the  computation  rules.  At  any  stage 
where  more  than  one  rule  applies,  the  corresponding  extensions  may  be  made  in 
any  order  with  the  same  result.  Thus  the  limit  is  well  defined.  Since  the  process 
of  computation  may  not  terminate  in  finitely  many  steps,  computation  trees  may 
be  infinite,  although  stages  and  descriptions  are  finite.  The  computation  tree 
described  by  a  dtree  returns  a  value  v  if  the  root  of  the  computation  tree  for  5 
has  value  label  v.  A  computation  tree  which  returns  a  value  is  finite  and  all  nodes 
have  a  value  label. 


5if  =  <if(z,cart(fst(z),app(A(x)A(y)x,rst(z))),mt)  I  z^v) 

^^cart  —  (cart(fst(z),app(A(x)A(y)x,rst(z)))  I  z-t-v) 

=  <fst(z)  I  z  v>  Happ  =  <app(A(x)A(y)x,rst(z))  I  z-f-  v) 

5,  =  (z  I  z v)  5rst  =  <rst(z)  I  z v>  v  =  [o,«] 

5k  =  A(x)A(y)x  K  =  A(x)A(y)x  K(u)  =  {A(y)x  I  x  -t-  u> 


Figure  13.  Computation  tree  for  Dif 
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Example:  A  finite  computation  tree.  Figure  13  shows  the  computation 
tree  described  by  the  dtree  I>if. 

Dif  =  (if(z,cart(fst(z),app(A(x)A(y)x,rst(z))),mt)  I  z-<-u) 

The  description  reads:  if  z  is  a  non-empty  sequence  then  return  the  sequence 
containing  the  first  element  of  z  and  the  result  of  applying  A(x)A(y)x  to  the  rest 
of  z,  otherwise  return  the  empty  sequence.  We  use  K  to  denote  the  pfn  A(x)A(y)x 
in  analogy  to  the  “K”  combinator.  K(u)  is  the  pfn  (A(y)x  |  x-<-  u),  the  result  of 
applying  K  to  u.  From  the  computation  tree  for  Djf  we  can  read  off  facts  about 
the  computation  structure  such  as 

(i)  the  value  returned  by  Dif  is  [a,K(u)] 

(ii)  Hfst  is  an  immediate  subcomputation  of  5cart 

(iii)  computation  of  ^ app  reduces-to  computation  of  K  ^  u 

We  can  also  read  off  other  information  about  the  computation  such  as  the  rule 
(sym)  was  applied  three  times,  the  rule  (lam)  two  times,  the  rule  (cart)  one  time, 
there  was  one  pfn  application,  and  the  depth  of  the  tree  is  four. 

Example:  An  infinite  computation  tree.  As  a  second  example  we  de¬ 
scribe  what  is  perhaps  the  simplest  non-terminating  computation.  Let  Lose  = 
A(f)app(f,f).  Then  Lose  is  a  pfn  that  applies  any  argument  to  itself.  Applying 
Lose  to  itself  we  obtain  the  dtree  ^losing 

^losing  =  Lose' Lose  =  (app(f,f)  I  f  Lose) 

which  reads  “apply  f  to  f  where  f  is  bound  to  Lose.”  The  computation  tree 
described  by  ^losing  is  shown  in  Figure  14. 
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rV.2.3.  Computation  relations 

We  now  interpret  the  computation  rules  as  clauses  of  an  inductive  definition. 
Thus  ‘-+,  -<4,,  and  are  the  least  relations  on  Dt  x  V*,  Dt  x  IDt,  and  Dt  x 
Dt,  respectively,  satisfying  the  closure  conditions  (implications)  expressed  by  the 
computation  rules.  The  following  basic  facts  follow  easily. 

■  Evaluation  and  immediately  reduces-to  are  partial  functions. 

(eval.fun)  D  vo  A  5  ►  ui  — »  uq  = 

(redt.fun)  Do  ^>1  A  Do  D2  — ^  Di  =  D2 

Remark.  The  conditional  if  tests  for  equality  to  the  empty  sequence.  Equal¬ 
ity  between  arbitrary  elements  of  the  computation  domain  is  not  computable  in 
Rum.  In  §5  it  is  shown  that  equality  on  the  S-expression  domain  is  computable. 
In  general,  equality  between  elements  of  the  data  domain  may  or  may  not  be 
computable,  depending  on  the  given  data  operations. 

IV.2.3.1.  Computation  trees  vs.  computation  relations 

The  two  interpretations  given  for  the  computation  rules  are  essentially  the 
same.  By  expressing  the  rules  for  generating  computation  trees  in  terms  of  oper¬ 
ations  on  tree  structures  it  is  easy  to  show  the  following.  (See  Appendix  A  for  a 
precise  formulation.) 

■  Evaluation  ('-♦)  is  the  relation  on  dtrees  and  values  that  gives  the  value  returned 
by  the  described  computation  (if  any).  D  t;  iff  the  computation  described  by  D 
returns  the  value  v. 

■  Immediate  subcomputation  (-<4)  is  the  relation  on  dtrees  that  corresponds  to 
the  immediate  subtree  relation  on  computation  trees.  Do  iff  the  computation 
tree  described  by  D  has  an  immediate  successor  node  with  dtree  label  Dq. 

■  Immediately  reduces-to  (>^t)  is  a  subrelation  of  immediate  subcomputation. 
D  Di  when  D  is  an  if-  dtree  and  Di  is  the  branch  determined  by  the  result  of 
the  test-subcomputation,  or  when  D  is  an  app-dtree  and  Di  is  the  application  of 
the  results  of  the  fun-  and  arg-subcomputations. 

Using  the  correspondence  between  computation  trees  and  computation  rela¬ 
tions  we  can  also  read  off  instances  of  computation  relations  from  a  computation 
tree.  For  example  from  the  tree  for  Dif  we  have 

(i)  il„-^|a,K(u)| 

(ii)  Dfst  -<4,  Dcart 
(hi)  J>app  K'u 


100 


TVee-structured  computation 


§IV.2 


IV. 2. 3. 2.  More  computation  relations  and  facts 

Some  additional  relations  useful  in  formulating  properties  of  computation  are 
defined  below. 

>  Subcomputation.  The  subcomputation  relation  (-<)  is  the  transitive  closure 
of  the  immediate  subcomputation  relation. 

>  Reduces-to.  The  reduces-to  relation  (>^)  is  the  transitive  closure  of  the  im¬ 
mediately  reduces-to  relation. 

>  Definedness.  A  dtree  is  defined  iff  the  computation  described  by  that  dtree 
returns  a  value. 

=  (3t;)D  t; 

>  Computation  tree  equivalence.  Two  dtrees  are  computation  tree  equivalent 
(abbreviated  ctree  equivalent)  iff  both  are  undefined  or  both  are  defined  with  the 
same  value.* 

Ho  ^  ^*1  =  (Vu)(5o  V  u) 

df 

The  following  are  some  additional  useful  facts  about  tree-structured  compu¬ 
tation.  They  follow  easily  from  the  definitions. 

■  If  a  computation  returns  a  value  then  all  subcomputations  return  values, 

(def.subc)  (fell  A  Do  -<  —*  ■lI’Do 

■  If  Do  reduces-to  Di  then  Do  is  weakly  equal  to  Di 

(redt .ctree .eq)  Do  Di  — >  Do  ^  Di 

■  Completed  computation  trees  are  well-founded.  Thus  for  any  dtree  property 
Q  we  have  the  computation  induction  formula 

(CI)  (VI))((V»o  k9)Q(!)o)  -*  «(!!))  ^  (V<))(VII  ^  QP)) 

■  A  simple  consequence  of  computation  induction  is  that  a  dtree  which  is  a 
subcomputation  of  itself  is  not  defined. 

(loop)  D  ^  D 

An  immediate  corollary  is  Lose' Lose)  which  was  asserted  informally  in  the 
example  of  a  “losing”  computation. 


Computation  tree  equivalence  is  analogous  to  Kleene’s  complete  equality,  Si  (Kleene 
[1952]). 
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IV.3.  Notation  and  conventions 


IV.3.1.  The  global  context 

While  working  in  Rum,  we  imagine  that  we  are  working  in  a  global  context. 
This  context  determines  a  set  of  global  symbols  o*  and  a  global  environment 
assigning  values  to  the  global  symbols.  We  say  an  environment  ^  is  compatible 
with  the  global  environment  if  it  agrees  with  the  global  environment  on  global 
symbols  -  (Vs  €  <^*)(£(s)  =  ^*(«))'  A  symbol  definition  adds  a  new  symbol  to  the 
set  of  global  symbols  and  extends  the  global  environment  by  binding  the  defining 
value  to  the  defined  symbol.  For  example 

>  I  ^  A(x)x 

defines  I  to  be  the  identity  pfn,  A(x)x.  In  general,  symbol  definitions  have  the 
format 

>  <  symbol  >  ^  <  form  > 

where  <  symbol  >  is  the  symbol  whose  value  is  being  defined,  and  <  form  >  is  a 
form  that  has  a  value  in  the  global  environment.  The  definition  extends  the  global 
environment  by  binding  the  value  of  <  form  >  (in  ^*)  to  <  symbol  >.  To  help 
keep  track  of  global  symbols,  we  use  identifiers  such  as  I,  K,  and  Rec,  beginning 
with  upper-case  letters  for  global  symbols.  To  simplify  notation,  we  use  a  global 
symbol  constant  in  a  context  where  a  value  is  expected  to  denote  the  value  of  that 
symbol  in  the  global  environment.  For  example  we  write  I '  t;  t;  rather  than 

IV.3.2.  Satisfaction  in  the  global  context 

Many  of  the  properties  of  computation  that  we  study  are  properties  of  tuples 
of  dtrees  ((fi  I  f)»  •  •  •  >  (fn  I  0)  which  hold  for  all  environments  ^  compatible  with 
the  global  environment.  For  example  (l(x)  I  f)  (x  I  0  is  such  a  property.  To 
express  such  properties  naturally,  we  define  a  notion  of  satisfaction  which  allows 
us  to  interpret  dtree  properties  as  properties  of  forms. 

>  Satisfaction  by  the  global  context.  For  any  n-ary  dtree  relation  0,  the 
global  context  satisfies  ©(fi, . . .  ,fn)  (written  [=*  0(fi, . . .  ,fn))  iff  0  holds  for  each 
tuple  of  closures  with  respect  to  an  environment  extending  the  the  global  environ¬ 
ment. 


=  (vfl(Vs€<T.)(fW  =  {.(s)  e({f,  I  I  «)) 
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Recall  that  a*  is  the  set  of  global  symbols  and  is  the  global  environment.  We 
include  as  dtree  properties  logical  formulae  built  from  the  basic  dtree  relations 
having  only  dtree  variables  free.  We  will  generally  omit  the  sign  |=*  and  write 
©(fi, . . .  ,fn)  for  [=*  ©(fi, . . .  ,fn)-  For  example,  the  basic  facts  about  subcompu¬ 
tation  and  reduces-to  can  be  expressed  by 

(def.subc)  Ij'fi  A  fo  -<  fi  •Ij’fo 

(redt.subc)  fo>^fi  fo“<fi 
(redt.ctree.eq)  fo  fi  — ^  fo  ^  fi 

By  our  convention  partitioning  symbols  into  global  and  non-global  symbols  we 
avoid  the  possibility  that  at  some  point  in  the  development  the  global  context 
satisfies  a  given  formula  and  at  some  other  point  the  global  context  does  not 
satisfy  this  formula. 

IV.3.3.  Notations  for  sequences  and  multiple  arguments 

Cart-forms  may  be  written  with  any  number  of  arguments  using  the  usual 
conventions  for  associative  binary  operations. 

cart()  =  mt,  cart(f)  =  f,  and  cart(fi,f2  ...  ,fn)  =  cart(fi,cart(f2  ...  ,fn)) 
df  df 

and  we  write  [fi ,  ...  ,fn]  for  cart(fi,  ...  ,fn). 

There  are  two  natural  notions  of  multiple  argument  abstraction  and  applica¬ 
tion.  The  first  is  analogous  to  the  usual  extension  of  lambda  notation  by  currying. 

A(si,  ...  ,Sn)f  ~  A(5i)  ...  A(Sii)f 
df 

fo(fl,  ,fn)  =  app(...  app(fo,fl),  ...  fn) 
df 

The  second  means  of  expressing  multiple  arguments  is  to  match  a  sequence 
of  symbols  to  elements  of  an  argument  sequence.  For  example,  A[si,S2»«3]f  binds 
the  first  element  of  an  argument  to  si,  the  second  element  to  52  and  the  second 
remainder  to  S3.  In  general, 

A[slf  =  A(»)t 

A[si,«2,  ...  =  A(si)({A(si)A[s2,  ...  ,s.lf}(fst{«i),rst(s,))). 

df 

Combining  the  two  modes  of  expressing  multiple  arguments,  we  may  write  expres¬ 
sions  such  as  A(. . .  ,6,, . .  .)f  where  6,-  is  either  a  symbol  or  a  sequence  of  symbols. 
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We  define  the  corresponding  notion  of  binding  a  sequence  of  symbols  [si . . .  «n] 
to  a  value  t;  in  an  environment  ^  by 

*2}  •  •  •  »  *ii]  1  W,  [S2>  •  •  ■  j  *n] r 

at 


Thus  we  have 

(A[5l,52,...,Sn]f  I  (f  I  ^{[«1.«2,  ,  5n] W> 


IV.3.4.  Dtree  expressions 

To  provide  a  richer  language  for  expressing  facts  about  the  evaluation  relation 
and  pfn  application,  we  form  expressions  by  repeated  use  of  the  dtree  application 
operation  and  sequence  operations.  We  call  such  expressions  dtree  expressions. 
Thus  value  variables  and  constants  are  dtree  expressions  and  if  A,Ao,Ai  ...,An 
ase  dtree  expressions  then  so  are  Aq'  Ai^  [Aq,  . . .  ,An],  1®*  (A),  r®*  (A),  AJ.,-,  etc. 
The  evaluation  relation  is  extended  to  dtree  expressions  by  first  evaluating  subex¬ 
pressions.  Some  example  expressions  and  evaluations  are 

u  ^  V  ■«-»•  u  =  V 

(t?'uo)^ui «— *•  t;  {3t?o)(t?^uo  *-*•  t?o  A  v) 

(t?o^uo)^(i?i^«i)  V  (3t?, u){t?o^ Wo  t?  A  u  A  w) 

[(t?'uo)^ui,u]  V  (3vo){(<?^wo)^tti  Vo  A  V  =  [t;o,u]) 

1®*  ((t? ' uo) ' ui)  t;  (3t;o)((t? ' uq)' ui  ‘-y  vq  A  v  =  1®‘  vo) 

The  definitions  of  definedness  and  weak  equality  extend  naturally  to  dtree  expres¬ 
sions.  For  dtree  expressions  A  and  B, 

=  (3t;)(A  ^  t;) 

A  ^  B  =  (Vt;)(A  V  ^  B  ^  v) 

To  parallel  the  currying  of  multiple  arguments  in  forms  we  write  i?  ^(oi,  ...  ,  Un)  for 
(...  (t?'ui)  ...)^Un  and  when  ...  ,  Wn)  is  defined,  we  write  t?(ui,  ...  ,  Un) 

for  the  value. 
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IV.3.5.  n-ary  pfns  and  pfnls 

It  is  useful  to  give  names  to  classes  of  “higher  order”  pfns.  The  most  frequently 
used  notion  is  that  of  pfnl,  named  in  analogy  to  functional.  More  generally  we 
can  talk  about  n-ary  pfns  -  pfns  that  can  meaningfully  be  applied  to  a  list  of  n 
arguments. 

>  Pfnl.  A  pfn  is  called  a  pfnl  if  it  maps  any  argument  to  a  pfn.  We  use  Pfnl  to 
denote  the  set  of  pfns  that  are  pfnls. 

(pePfnl  =  V tpx 

df 

>  n-ary  Pfn.  Any  pfn  is  a  1-ary  pfn.  For  n  >  1,  y?  is  an  n-ary  pfn  if  is 
defined  with  value  an  n  —  1-ary  pfn  for  all  values  v. 

■  Pfnls  are  just  the  2-Euy  pfns 

■  {^(xi , . . . ,  Xn)f  I  0  is  an  n-axy  pfn  for  any  form  f  and  environment 
IV.3.6.  Derived  forms 

In  order  to  make  definitions  more  compact  and  readable,  we  introduce  some 
abbreviations  for  forms.  Ifmt  expresses  the  test  for  the  empty  sequence  positively, 
and,  or,  and  not  describe  boolecin  operations.  The  pfn  A(x)mt  is  chosen  as  the 
canonical  non-empty  sequence,  to  represent  “true” .  Any  pfn  would  do. 

ifmt(fte8t,f  mtjfnmt)  ^  if  (ftest?  fnmtjfmt) 
df 

or(fihs,frh8)  =  if(fih9,A(x)mt,if(frhs,A(x)mt,mt)) 
df 

and{fih8,frhs)  =  if{fih8,if(frhs,A(x)mt,mt),mt) 
df 

not(f)  =  if(f,mt,A{x)mt) 

df 

Finally  we  introduce  let  which  expresses  the  use  of  abstraction  followed  by  appli¬ 
cation  as  a  means  of  temporarily  giving  a  name  to  the  value  of  an  expression.  To 
evaluate  let{si  -^f2}fbody  in  an  environment  the  arguments  fi  and  f2 

are  each  evaluated  in  If  fj  returns  value  Ui  for  t  =  1,2  then  fbody  is  evaluated 
in  ^  extended  by  binding  ui  to  si  and  t;2  to  S2-  In  general  we  have 

let'^. . . ,  6,' fi  >  • .  "jfbody  ~  '{A(. . .  ,  6$  , .  .  .)fbody}(*  •  •  5  fi  j  •  •  •) 
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where  6,-  is  a  symbol  or  a  sequence  of  symbols.  As  illustrated  above,  and  continuing 
the  convention  introduced  in  Chapter  I,  we  will  often  use  {. . .}  to  set  off  the  func¬ 
tion  part  of  an  application  form  when  the  fimction  part  is  a  complex  expression. 
This  is  merely  to  try  to  improve  readability. 

To  illustrate  the  added  notation  we  have  the  following  simple  and  useful  con¬ 
sequence  of  the  definition  of  the  closure  formation  operation. 

■  Forgetting  lemma.  For  x  not  free  in  fi 

let{x fo}fi  ^fi. 

In  terms  of  basic  Rum  concepts  this  fact  is  expressed  by 

(Ve)(^<fo  I  i)  -  (app(AWf.,fo)  I  e)  <f.  I  £)) 

IV.4.  A  library  of  pfn  definitions 

rV.4.1.  Algebraic  combinators 

Algebraic  combinators  are  those  whose  functional  behavior  is  given  explicitly 
by  algebraic  equations.  Following  the  notation  of  Barendregt  [1981]  we  define 

>  I  A(x)x 

>  K  A(x,y)x 

>  Cl  ^  A(f,x)f(x) 

>  B  A(f,g,x)f{g(x)) 

>  S  ^  A(f,g,2)f(z)(g(z)) 

I  is  the  identity  pfn,  K  is  the  constant  maker,  B  is  the  composition  pfn.  Cl  the 
Church  numeral  one  (also  the  application  pfn)  and  S  is  the  substitution  pfn.  These 
pfns  are  characterized  computationally  by  the  following  properties  which  are  easily 
proved  using  the  definitions  and  rules  for  computation. 

■  Computational  behavior  of  algebraic  combinator  pfns 
(I.redt)  l(x)  X 

(K.redt)  K(x,  y)  x 
(Cl.redt)  Cl(f,x)  >4- f(x) 

(B.redt)  B(f,g,x)  f{g(x)) 

(S.redt)  S(f,g,z)  f(z,g(2)) 
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By  (redt.ctree.eq)  we  can  replace  >»-  by  ^  in  the  above  theorem.  Thus  the  al- 
aic  combinator  pfns  satisfy  the  usual  equations  and  more.  Note  that  K,  Cl, 
B  and  S  are  pfnls  and  for  all  u,v  B(u,v)  and  S(u,t;)  are  pfns.  We  use  the  infix 
notation  u  o  v  for  B(u,  u). 

■  The  theorem.  For  each  m  >  0,  n  >  0  let  be  defined  by 

—  A(f)  A(xi , . . . ,  Xm)  A(yi  >  •  •  • » y  n)f  (^1 » •  •  •  >  >  yi  >  •  •  • » y  n) 

df 

then  for  any  (n  +  m)-ary  pfn  d 

^5;^'(t?,Ul...Uxn)  and  «1  ...  Um)'(vi  ...  Wn)  t? '(«!•••  «m,  •••  Un) 

The  theorem  for  Hum  is  a  trivial  consequence  of  the  definitions  of  n-ary  pfn  and 
pfn  application.  We  have  stated  it  to  emphasize  the  connection  between  closure 
formation  and  parameter  fixing. 

rV.4.2.  Recursion 

■  The  Hum  recursion  theorem  says  that  for  each  pfnl  t?  there  is  a  pfn  that  is  the 
computationally  minimal  fixed  point  of  i?  and  that  these  fixed  points  are  computed 
uniformly  by  the  recursion  pfn  Rec. 

>  Reel  ^  A(g)A(h)A(x)g(h(h),x) 

>  Rec  ^  A(f)Recl(f,Recl(f)) 

Rec  is  defined  in  terms  of  the  auxiliary  Reel  simply  to  make  the  definition  more 
readable.  Reel  is  also  a  useful  intermediary  in  writing  out  the  proof  of  the  recursion 
theorem. 

■  Recursion  Theorem. 

(rec. pfnl)  Rec  €  Pfnl 

(rec.subc)  (Vt?  G  P/n/)(t?  ^(Rec(t?))  <  Rec(t?)^t;) 

(rec.redt)  (Vt?  G  F/n/) (Rec(t?) '  w  ^  t?{Rec(t?))'  v) 

Computational  minimality  is  expressed  by  (rec.redt).  (rec.subc)  says  that  the 
application  of  a  pfnl  to  its  fixed  point  is  a  subcomputation  of  every  application  of 
the  fixed  point  to  an  argument.  The  recursion  theorem  is  an  easy  consequence  of 
the  computation  rules  and  the  definition  of  Rec. 
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■  Recursion  Corollary.  The  usual  fixed  point  property  is  an  immediate  corol¬ 
lary  of  (rec.redt).  This  can  be  expressed  in  terms  of  pfns  and  values  (rec.fix.a)  or 
in  terms  of  forms  (rec.fix.e). 

(rec.fix.a)  Rec(i?) '  v  ^  t?(Rec(t?)) '  v 

(rec.fix.e)  f  5=^  Rec(A(f)A(xi , . . .  Xn)fbody)  f(xi , . . . Xn)  ^  fbody 

■  Non  Recursion.  If  f  is  not  free  in  fbody  then 
(rec.noop)  {Rec(A(f)A(x)fbody)}(x)  ^  fbody 

This  follows  from  the  recursion  corollary  and  the  forgetting  lemma. 

Parameterized  Recursion.  Consider  the  equation 

f(g,x)  if(p(x),h(x),f(g,g(x)) 

Since  g  is  a  parameter  -  is  not  changed  in  the  recursive  call  -  this  equation  can 
be  solved  in  two  ways  using  Rec.  One  way  is  to  pass  g  explicitly  as  an  argument 
at  each  recursive  call 

(param.pass)  f  Rec(A(f)A(g,x)if(p(x),h(x),f(g,g(x)))) 

the  other  way  is  to  treat  g  as  a  parameter  of  the  recursion 
(param.fix)  f  ^  A(g)Rec(A(ff)A(x)if(p(x),h(x),ff(g(x)))) 

Extensionally  the  two  definitions  2U’e  the  same. 

{  Rec(  A  (f )  A  (g,  x)  if  (p  (x) ,  h  (x) ,  f  (g,  g(x))) ) }  (g,  x) 

^  {A(g)Rec(A(fr)A(x)if(p(x),h(x),ff(g(x))))}(g,x) 

Computationally  the  two  solutions  differ  in  the  amount  of  work  done  in  argument 
passing  (binding  of  symbols  to  extend  environments).  In  the  (param.pass)  case  g 
is  rebound  in  each  recursive  call,  while  in  (param.fix)  case  g  is  bound  initially  and 
carried  in  the  environment. 

Why  not  Church’s  Y?  The  algebraic  combinatory  pfns  are  direct  analogs  of 
the  corresponding  lambda  calculus  combinators,  but  Rec  differs  from  the  direct 
analogue  to  Church’s  Y-combinator,  Church  Y  (see  Barendregt  [1981]  p.l27). 

>  Y1  ^  A(f)A(h)f(h(h)) 

>  ChurchY  ^  A(f)Yl(f)(Yl(f)) 

This  is  necessary  as  the  following  theorem  shows.  The  reason  is  the  difference 
between  jCum  evaluation,  which  is  call-by- value  and  lambda  calculus  reduction 
which  is  call-by-name. 

■  ChurchY  is  everywhere  undefined. 

Proof:  For  any  v,  ChurchY'  u  Yl(t;) '  Yl(v)  and  Yl(t;) '  Yl(t;)  ^  Yl(v) '  Yl(y). 
Hence  by  (loop)  we  have  -i.[)(Y't;). 
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IV.4.3.  Recursion  on  sequences 

Collection,  tupling,  bounded  search  and  iteration  along  a  sequence  are  exam¬ 
ples  of  computation  schemes  based  on  recursion  on  finite  sequences.  These  schemes 
are  total  in  the  sense  that  when  instantiated  using  total  functions  for  the  function 
parameters,  the  function  defined  is  total.  Such  schemes  are  represented  uniformly 
in  Rum  by  pfnls  which  when  applied  to  pfns  computing  the  function  parameters 
give  a  pfn  computing  the  corresponding  instance  of  the  scheme. 

Collection.  The  collection  scheme  has  a  unary  function  parameter.  The  pa¬ 
rameter  is  applied  to  each  element  of  the  argument  sequence.  The  results  are 
collected  in  a  sequence  and  returned  as  the  value.  The  pfnl  Collect  describes  the 
collection  scheme 

>  Collect  A(f)Rec(A(co)A[x,y]ifmt(x,mt,  [f(x),co(y)])) 
and  satisfies 

CoIlect(t?)'[ai,...  ,an]  ^  [i? d'on]. 


Tupling.  Tupling  is  the  “dual”  to  collecting.  The  tupling  scheme  has  a  sequence 
of  unary  functions  as  a  parameter.  Each  element  of  the  parameter  sequence  is 
applied  to  the  given  argument  and  the  collected  results  are  returned  as  the  value. 
In  Rum  tupling  is  explicitly  definable  from  collection. 

>  Tuple  A(funs)A(x)Collect(A(h)(h(x)),funs) 

Tuple  satisfies 

Tuple[i?i,...,t?n]^«  ^  ..  ,t?ii'u]. 

Bounded  search.  The  bounded  search  scheme  has  two  unary  function  param¬ 
eters.  The  first  function  computes  a  predicate.  It  is  applied  to  each  element  of 
an  argument  sequence  until  an  element  is  found  that  satisfies  the  predicate.  Then 
the  second  parameter  is  applied  to  that  element  and  the  result  returned.  If  no 
such  element  exists  then  the  empty  sequence  is  returned.  We  use  Some  to  describe 
bounded  search. 

>  Some  A{p,f)Rec(A(so)A[x,y]ifmt(x,mt,if(p(x),f(x),so(y)))) 

Some  satisfies 

(Va  e  u)t?p'a  Some(t?p,t?f)'u  ^  □ 

(Va  G  u)JJ.i?p'a  A  (3a  €  u)i?p(a)  7^  o  (3a  €  u)Some(i?p,r?f)'u  >¥~  a 
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In  the  definitions  of  Collect  and  Some  we  have  used  A[x,y]  to  name  the  first  and 
remainder  of  the  argument  at  the  beginning  of  the  computation,  and  used  the  fact 
that  1®*  t;  =  D  V  =  o. 

Iteration  along  a  sequence.  This  scheme  has  a  binary  function  and  an  initial 
value  as  parameters.  If  applied  to  an  empty  argument  sequence  the  initial  value 
is  returned.  If  applied  to  a  non-empty  argument  sequence  the  function  is  applied 
to  the  first  element  of  the  argument  and  the  result  of  iterating  along  the  rest  of 
the  argument  sequence.  Seqlt  describes  iteration  along  a  sequence. 

>  Seqlt  ^  A(f,z)Rec(A{si)A(x)ifmt(x,2,f(fst(x),si(rst(x))))) 

Seqlt  satisfies 


Seqlt '{t?,u,[ci,...Oni])  w) •  •  •) 

Exercise  1.  Tuple  was  defined  using  Collect  to  illustrate  the  expressive  power  of 
collection  in  the  presence  of  pfns.  Derive  an  equation  for  Tuple  that  does  not  use 
Collect  Sind  prove  that  the  solution  of  the  derived  equation  using  Rec  computes 
the  tupling  pfn.  (This  is  even  simpler  than  the  TprodC  derivation  §11.3  as  there  is 
no  need  to  introduce  added  parameters.) 

IV.4.4.  Remarks 

•  The  computational  facts  for  the  algebraic  combinator  pfns,  the  computational 
minimality  of  the  recursion  pfn,  and  computation  induction  illustrate  some  of  the 
features  of  Zum  in  contrast  to  those  of  computation  theories  based  on  codes  as  ele¬ 
ments  of  the  computation  domain  or  recursion  theories  based  on  lambda  reduction 
(see  §1.5).  In  a  nutshell,  we  have  the  strong  form  of  the  closure  conditions  required 
for  a  computation  theory  and  at  the  same  time  the  corresponding  functionals  are 
defined  extensionally  using  abstraction. 

•  (rec.redt)  is  stronger  than  (rec.fix).  Combined  with  computation  induction, 
(rec.redt)  is  an  important  tool  for  proving  properties  of  recursively  defined  pfns. 
Recursion  induction  (McCarthy  [1963]),  subgoal  induction  (Morris  and  Wegbreit 
[1976]),  McCarthy’s  minimization  schema  (a  scheme  formalizing  Kleene’s  first  re¬ 
cursion  theorem  -  see  Cartwright  and  McCarthy  [1979]),  and  many  other  instances 
of  “Scott  induction”  follow  from  (rec.redt)  and  (Cl).  “Scott  induction”  is  an  in¬ 
duction  principle  derived  from  the  least  fixed  point  theorem  for  extensional  models 
of  the  lambda-calculus  (Scott  [1976]). 

•  The  example  of  alternative  descriptions  of  parameterized  recursion  relies  on 
the  feict  that  the  pfnl  has  the  form  of  an  ordinary  well  typed  functional.  Intuitively 
it  would  seem  that  moving  parameters  across  the  recursion  boundary  should  in 
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general  preserve  the  function  computed.  We  will  see  in  §VI.2  that  this  is  indeed 
the  case. 

•  Seqlt  is  so  named  in  analogy  to  a  functional  lit  defining  iteration  along  a  list 
and  studied  by  Gordon  [1973]. 

•  Collection,  tupling  and  iteration  along  sequences  correspond  to  the  constructs 
apply-to-all,  construct,  and  insert  in  functional  programming  (Backus  [1978]).  Col¬ 
lection  also  corresponds  to  the  finite  collection  schema  use  to  formalize  fragments 
of  arithmetic  and  is  a  finitary  analog  to  the  collection  principle  of  set  theory. 


IV.5.  Computing  with  S-expressions 

Now  we  fix  the  data  structure  to  be  the  S-expression  structure  described  in 
§111.5  and  define  some  additional  data  operations  and  constants.  Many  of  these 
are  basic  definitions  that  will  be  used  in  later  examples.  In  addition  they  serve  to 
illustrate  further  the  use  of  sequences  and  of  the  library  of  pfns  built  in  §4. 

The  global  S-expression  context  associates  each  S-expression  operation  to  the 
corresponding  S-expression  operation  symbol.  The  same  identifier  will  be  used 
to  denote  both  an  S-expression  operation  and  its  corresponding  symbol.  Thus 
PairMk  denotes  both  the  pairing  operation  and  the  symbol  whose  value  is  the 
pairing  operation. 

IV.5.1.  Standard  S-expression  operations  and  constants 

The  Lisp  name  for  the  empty  list  in  Nil.  The  projection  operations  for  pairs, 
Car  and  Cdr,  are  defined  from  PairUn  using  fst  and  rst  and  Atom  is  the  opposite 
of  PairP  (on  the  S-expression  domain  Dsexp)- 

ZeroMk[] 

MtlMk[] 

A(x)fst(PairUn(x)) 

A(x)rst(PairUn(x)) 

A(x)if(PairP(x),mt,x) 

For  S-expressions  0,01,02  we  have 

Car(PairMk[oi,  02])  =  oi,  Cdr(PairMk[ai,  02])  =  02 

Atom(PairMk[oi,02])  =  □,  PairUn'(a)  =  Tuple([Car,Cdr],o) 


> 

> 

> 

> 


0 


Nil 


Car 


Cdr 


Atom 


df 


df 


df 


df 


df 
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Exercise  1.  Since  Dgexp  is  finitely  and  freely  generated,  and  tests  for  the  various 
sorts  are  provided,  equality  between  S-expressions  SexpEq  is  computable.  Define 
pfns  that  test  for  equality  of  S-expressions  of  each  sort:  IntEq  for  integers,  StrEq 
for  strings,  and  PairEq  for  pairs.  The  test  pfns  should  return  the  empty  sequence  if 
the  arguments  are  not  of  the  correct  sort  or  are  not  equal.  Otherwise  they  should 
return  one  of  the  arguments.  SexpEq  satisfies 

SexpEq[x,y]  ^  or(lntEq[x,y],StrEq[x,y],PairEq[x,y]) 

SexpEq  is  not  specified  for  non-S-expression  arguments. 

Exercise  2.  The  computable  functions  on  integers  are  definable  as  Rum  pfns 
in  the  xisual  way  using  Rec  to  solve  recursion  equations.  Define  addition  (-f), 
multiplication  {*),  less-than  (Lessp),  and  the  function  that  returns  the  maximum 
of  two  integers  (Max). 

IV.6.2.  Using  multi-ary  operations 

StrConc  is  string  concatenation.  It  is  defined  using  sequence  concatenation 
and  the  operations  StrUn  and  StrMk  for  interconversion  of  strings  and  sequences. 

>  StrConc  ^  A[x,y]StrMk[StrUn(x),StrUn(y)] 

For  integers  z,-  we  have 

StrConc  I  **Zi , .  . .  ,  Z,7J  **,  , . .  .  ,  fi  j  Zy , .  .  .  ,  Zf^-l-n  ** 

Using  Seqlt  we  define  a  pfn  ListMk,  analogous  to  the  StrMk  data  operation,  that 
maps  sequences  of  S-expressions  to  lists.  The  inverse  of  ListMk  is  ListUn,  defined 
by  a  simple  recursive  definition. 

>  ListMk  A(x)Seqlt(PairMk,  Nil,x) 

>  ListUn  Rec(A(ListUn)A(x)if(MtlP(x),  Nil,  [Car(x), ListUn(Cdr(x))])) 

This  definition  of  the  list  making  operation  is  a  direct  implementation  of  the 
informal  notation  we  gave  for  lists  in  our  presentation  of  the  S-expression  data 
structure  (§111.5)  and  we  have  for  S-expressions  Oj 

ListMk^[oi, . . . ,  On]  <ai, . . .  an> 

ListMk^(ListUn(<ai, . . .  an>))  ^  <ai,...an> 

ListUn'(ListMk([ai, . . .  On]))  ^  [ai,...an] 
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For  lists  /o,  h  we  will  use  Iq  oli  to  denote  the  concatenation.  Thus 

/oo/i  =  ListMK[ListUn(/o),ListUn(/i)] 

Two  additional  interesting  operations  that  combine  lists  and  multi-ary  operations 
are  ListExtend  aind  its  inverse  ListAfter.  ListExtend  tzdces  a  sequence  and  a  list  smd 
extends  the  list,  adding  the  elements  of  the  sequence  to  the  list.  ListAfter  takes  a 
sequence  and  a  list  and,  if  the  sequence  corresponds  to  an  initial  segment  of  the 
list  the  remaining  tail  of  the  list  is  returned.  Otherwise  the  empty  sequence  is 
returned. 

>  ListExtend  ^  A(x,y)Seqlt(PairMk,y,x) 

>  ListAfter  Rec(A(ListAfter)A(x,y) 

ifmt(x,y, 

if(MtIP(y),mt, 

if  (Sexp  Eq  (fst(x) ,  Car  (y) ) ,  ListAfter  (rst(x) ,  Cdr  (y)) ,  mt)) ) ) 

Note  that  ListMk  is  just  ListExtend  with  the  list  parameter  fixed  to  be  Nil.  For 
S-expressions  a\  and  lists  /  we  have 

ListExtend '([ai, ...  On],/)  ^  ListMk^([ai, . . .  Cn,  ListUn(/)])) 

ListAfter'([ai, . . . flu], ListExtend([oi, . . . OnlsO) 

IV.5.3.  Tprod  revisited 

We  have  now  defined  most  of  the  concepts  needed  to  give  precise  interpretation 
to  the  definitions  and  statements  regarding  tree-structured  computation  in  the 
tree  product  examples  of  Chapter  II.  What  remains  is  to  explain  the  recursive 
definitions  of  the  pfns  as  used  there.  Definitions  of  the  form  f(xi . .  .Xn)  fbody 
define  f  to  be  the  pfn  which  is  the  minimal  fixed  point  of  the  corresponding  pfnl 
A(f)A(xi..Xn)fbody  For  example, 

>  Tprod(x)  •<— if(Atom(x),x,  Tprod(Car(x))  *  Tprod(Cdr(x))) 
is  an  abbreviation  for 

>  Tprod  ^  Rec(A(Tprod)A(x)if(Atom(x),x,  *[Tprod(Car(x)),Tprod(Cdr(x))])) 

In  the  examples  we  used  infix  notation  for  operations  such  as  for  -h  and  *.  For  the 
official  work  in  Rum  we  have  not  bothered  to  introduce  infix  notations. 

At  this  point  the  reader  should  be  able  to  fill  in  all  the  details  for  definitions 
and  extensional  statements  about  the  pfns  describing  tree-structured  computation. 
Using  the  informal  description  of  computation  trees  the  intensional  statements 
can  also  be  understood  intuitively.  The  definitions  of  Appendix  A  and  the  further 
examples  in  Appendix  B  show  how  these  statements  can  be  made  precise. 
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IV.6.  Streams  and  stream  operations 

Streams  were  described  in  §1.2  as  0-ary  function-like  objects  with  internal 
state  that  present  possibly  infinite  sequences.  In  Rum  there  is  no  notion  of  internal 
state,  so  we  must  explicitly  keep  track  of  the  information  about  the  rest  of  a  stream. 
Thus  a  stream  is  a  pfn  that  when  queried  (applied  to  the  empty  sequence)  either 
returns  the  empty  sequence  or  an  element  and  a  stream.  We  call  this  the  stream 
condition.  In  the  first  case,  t?  is  the  empty  stream,  and  the  empty  sequence  is  the 
end-of-stream  signal.  In  the  second  case,  t?  is  a  non-empty  stream,  the  element 
returned  is  the  first  element  of  the  stream,  and  the  stream  returned  is  the  rest  of 
the  stream.  Two  examples  of  streams  are:  the  pfn  MtStream  which  is  an  empty 
stream  and  the  pfn  Streamify  that  turns  a  sequence  into  a  stream  of  its  elements. 

>  MtStream  A()mt 

>  Streamify  Rec{A(s)A[x,y]A()ifmt(x,mt,  [x,s(y)])) 

We  used  A()f  in  the  above  definitions  as  an  abbreviation  for  A(«)f  where  s  is  some 
symbol  not  appearing  free  in  f,  for  example  z  in  the  above  cases. 

We  let  Stream  denote  the  set  of  pfns  that  satisfy  the  stream  condition  given 
above.  More  precisely  a  stream  set  is  any  set  of  pfns  $  that  satisfies  (Sc). 

(Sc)  d  e  ^  (3a,t?i  €  [c,t?i] 

Since  the  right  hand  side  of  (Sc)  is  monotone  in  $  there  is  a  least  stream  set 
Stream‘d  —  the  set  inductively  generated  by  the  corresponding  monotone  oper¬ 
ation.  Stream'^  consists  of  the  finite  streams  and  contains  all  empty  streams 
and  Streamify(u)  for  any  u.  The  union  of  any  non-empty  set  of  stream  sets  is  a 
stream  set.  Hence  there  is  a  maximum  stream  set.  This  is  what  we  called  Stream. 
Stream  can  also  be  given  by  a  shrinking  induction  [Moschovakis  1975],  i.e.  as  the 
compliment  of  an  inductively  defined  set  of  pfns. 

rV.6.1.  stream  elements,  tails,  length,  and  equality 

There  are  two  sequences  associated  with  each  stream  -  the  sequence  of  stream 
elements  and  the  sequence  of  stream  remainders.  These  are  given  by  the  n-th 
element  and  n-th  tail  operations  on  streams.  We  call  the  pair  [n-th  element,  n-th 
tail]  the  n-th  iterate.  The  length  of  a  stream  is  the  number  of  elements  -  possibly 
infinite.  Two  streams  are  equal  (as  streams)  if  they  have  the  same  n-th  elements 
for  all  n.  These  notions  are  made  precise  by  the  following  definitions. 
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n-th  iterate,  element,  and  tail.  The  n-th  iterate  operation  is  computed  by 
the  pfn  Nthitr  and  the  n-th  element  and  n-th  tail  operations  are  computed  by  the 
pfiis  NthElt  and  NthTail. 

>  Nthitr  ^  Rec(A(NthItr)A(s,n) 

let{[x,t]-«-s[]} 

if(Zerop(n),  [x,t],  Nthltr(t,Subl(n)))) 

>  NthElt  ^  A(s,n)let{[x,t] Nthltr(s,n)}x 

>  NthTail  ^  A(s,n)let{[x,t] Nthltr(s,  n)}t 

For  a  stream  i?  and  a  number  n  we  write 

=  NthElt(t?,n)  and  =  NthTail(t?,n) 

Note  that  for  any  streeun  i?  and  any  number  n  Nthitr  is  defined  and  we  have 

and  |d(”+»,d>”+‘|  =  if'’'"’#” 

1  □  if  =  o 


>  Stream  length.  The  length  of  a  stream  |t?|«  is  the  least  number  n  such  that 
t?(")  =  □  if  such  a  number  exists.  Otherwise  the  length  is  defined  to  be  oo. 


|t?U  = 


if 

otherwise 


□ 


>  Stream  equality.  Two  streams  t?o,  are  stream-equal  (written  t?o  =  t?i)  if 
they  have  the  same  n-th  element  for  all  n. 

t?o  =  t?i  =  (Vn)t?5,'^^  = 

df 

■  About  stream  elements,  tails,  length  and  equality.  For  streams  i?,  i?o, 
t>i 

(Vn  <  I  u  |)(Streamify(u)^'‘^  =  “In) 
n  <  |i?|,  G  V  A  €  Stream 

n  >  jt?|a  — »•  1?^”^  =  D  A  =  □ 

n  +  ifc  <  |t?|a  ,?('»+*=+!)  =  (,?>»*)W 

|MtStream|a  =  0  and  |Streamify(t;)|a  =  |t;| 

t?o  =  t?i  A  n  <  |t?o|3  - 

These  properties  are  easy  to  check  from  the  definitions. 
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rV.6.2.  stream  combination  operations 

New  streams  can  be  made  from  given  streams  by  stream  combination  opera¬ 
tions.  Some  examples  are  concatenation,  filtering,  merging,  eind  mapping. 

Concatenation 

The  concatenation  of  two  streams  is  a  stream  that  generates  elements  from 
the  first  stream  until  the  end  is  reached,  then  generates  elements  from  the  second 
stream.  Stream  Cone  describes  the  concatenation  operation. 

>  StreamConc  Rec(A(StreamConc)A(sO,sl) 

A()let{[x,sO]  sO[]}if(x,  [x,  StreamConc(sO,sl)],sl[]) 

We  will  write  i?o  ^  for  StreamConc(i?oj^i)-  Clearly  if  t?o  and  t?i  are  streams 
then  i?o  o  is  a  stream. 

■  Properties  of  stream  concatenation.  The  following  facts  show  that  stream 
concatenation  has  the  same  properties  as  concatenation  of  other  sequence  like 
objects.  For  streams  t?o,  ^2  we  have 

|t?oU  =  no  A  |i?i|a  =  ni  -*  |t?oOt?i|«  =  no  +  ni 
|doU  =  00  V  =  00  -*•  |t?oOt?i|a  =  00  , 

n  <  |i?oU  A  (t>oot?i)>" 

|do|«  =  mAm<n  —*■  (t?oO  A  (t?o  o 

do  =  MtStream  o  do  =  t?o  o  MtStream 
(do  <>  t?i)  o  O2  —  ^0  ^  (*^i  ^  ^^2) 

Streamify(u)  o  Streamify(v)  =  Streamify{[tt,  v]) 

Filtering 

A  filter  takes  a  test  and  a  stream  and  produces  a  stream  in  which  the  elements 
failing  the  test  are  filtered  out.  The  pfn  Filter  describes  the  filter  operation. 

>  Filter  A(p)Rec(A(fil)A(s)A() 

let{[x,  s]  ^  s[]}ifmt(x,  mt,  if (p(x),  [x, fil(s)], fil(s)[]))) 

The  key  computational  facts  for  a  stream  d  filtered  by  a  test  (p  are 

{»- Filter(^,di)'o  if  d'o [a,di]  and 

[o,  Filter(v?,  di)]  if  d'o  [a,di]  and  p'a'^v^a 
□  if  d^D □ 
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■  Filter  distributes  over  concatenation.  For  streams  t?o» 

Filter{^,i?o  o  di)  =  Filter(^,t?o)  o 

We  can  further  characterize  the  filter  operation  by  defining  the  index  of  the  n-th 
element  of  a  stream  d  satisfying  a  predicate  is  defined  by  induction 

on  numbers 

/x{$,t?,m  +  l)  =  M(n)(w  >  A  $(7?^"))) 

If  $  is  computed  by  (p^  then 

Filter(v?*,d)^’‘)  = 

Exercise  1.  Define  a  pfn  describing  a  merge  operation  on  streams.  The  2n-th 
element  of  the  the  merge  is  the  n-th  element  of  the  first  stream,  the  (2n  +  l)-th 
element  of  the  merge  is  the  n-th  element  of  the  second  stream. 

Exercise  2.  Define  pfns  StreamMapl,  StreamMap2,  and  StreamMapS  describing 
mapping  operations  on  streams.  For  pfns  <p  defined  on  V  and  streams  t?,  the  n- 
th  element  of  StreamMapl is  the  result  of  applying  <p  to  the  n-th  element 
of  1?.  For  pfns  <p  defined  on  [V  x  V]  and  streams  i^o?  t?i,  the  n-th  element  of 
StreamMap2(¥?,t?o>'?i)  is  the  result  of  applying  p  to  the  n-th  element  of  t?o  and 
the  n-th  element  of  i?i.  For  pfns  <p  defined  on  V*  and  any  sequence  of  streams 
[t?o  •  •  •  the  n-th  element  of  StreamMapS(v?,  [t?o  •  •  •  is  the  result  of  applying 
<p  to  the  sequence  of  n-th  elements  of  [t?o  •  •  • 

Exercise  3.  Show  that  unary  mapping  distributes  over  concatenation.  What 
about  binary  and  multi-ary  mapping? 

IV.6.3.  Remarks 

•  Other  work  A  representation  of  streams  similar  to  the  kum  representation 
was  first  used  by  Landin  [1965]  where  streams  were  introduced  to  represent  control 
lists  of  Algol.  A  control  list  is  a  list  of  expressions  that  describes  a  list  of  items  to 
iterate  through.  Items  of  a  control  list  should  be  computed  as  needed,  not  all  at 
once.  Landin  treated  only  finite  streams  and  gave  operators  analogous  to  normal 
list  operations  for  construction  and  selection.  Burge  [1970]  extends  this  idea  to 
possibly  infinite  streams.  He  presents  sequences  as  functions  that  return  a  pair 
consisting  of  the  next  element  of  the  sequence  and  a  function  giving  the  rest  of  the 
sequence.  Examples  of  programs  computing  a  variety  of  operations  involving  such 
sequences  are  given.  Burge  does  not  give  a  formal  definition  of  the  set  of  streams 
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(sequences  in  his  terminology)  nor  does  he  state  any  mathematical  properties  of 
streams  or  the  operations  on  streams.  Both  Landin  and  Burge  remark  on  analogy 
of  streams  to  Conway’s  notion  of  co-routine,  but  the  connection  is  not  elaborated. 

•  Elaborations  and  generalizations  There  are  many  ways  to  extend  the  basic 
ideas  underlying  the  notion  of  stream  in  Zum.  For  example,  one  could  allow  partial 
streams  rather  than  requiring  that  application  of  a  stream  to  the  empty  sequence 
be  defined.  One  could  also  allow  arbitrary  sequences  to  be  produced  as  stream 
elements.  A  more  substantial  generalization  arises  when  we  relztx  the  restriction 
that  the  behavior  of  a  stream  be  completely  determined  by  repeated  application  to 
the  empty  sequence.  We  say  a  pfn  t?  is  a  parameterized  stream  if  for  any  element 
a  of  the  computation  domain  t?  applied  to  a  returns  either  the  empty  sequence 
(signifying  the  end)  or  the  next  stream  element  and  a  parameterized  stream  (the 
remainder  of  the  stream) .  A  parameterized  stream  can  be  thought  of  as  presenting 
a  function  from  sequences  to  sequences.  To  see  this  we  generalize  the  n-th  element 
and  n-th  tail  operations.  For  a  parameterized  stream  d  and  a  function  h  mapping 
numbers  to  elements  of  the  computation  domain  (the  input  sequence)  define  , 
the  n-th  element  of  t?  for  input  sequence  v?,  and  the  n-th  tail  of  t?  for  input 

sequence  h,  by  induction  on  numbers  as  follows. 

f,9(^»»»+i)  —  /  t?(^’^'*^(/i(n  -t- 1))  if  ^  o 

^  ^  !□  if,?M=o 

Then  A(/i,n)t?('‘>’*)  is  the  function  from  sequences  to  sequences  presented  by  t?. 
This  gives  a  small  taste  of  the  many  possibilities  for  generalizing  streams. 
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Now  we  turn  our  attention  to  sequential  computation  in  kum.  Such  compu¬ 
tations  are  carried  out  by  a  process  of  generating  sequences  of  computation  states. 
A  computation  state  consists  of  a  continuation  and  a  current  task.  The  compu¬ 
tation  primitives  are  those  for  tree-structured  computation  together  with  a  new 
primitive  for  noting  (binding)  the  current  continuation.  Application  is  the  mech¬ 
anism  for  resuming  a  noted  continuation.  The  structure  of  computation  states 
and  the  rules  for  generating  computation  sequences  are  derived  naturally  from  the 
structure  of  computation  stages  and  the  rules  for  generating  computation  trees. 
The  tree  structure  of  t-J^um  computations  is  preserved  in  the  computation  se¬ 
quences  and  many  of  the  notions  used  in  expressing  properties  of  tree-structured 
computation  can  be  interpreted  as  properties  of  sequential  computation.  In  §1 
the  additional  objects  used  to  describe  and  carry  out  sequential  computations  are 
defined.  In  §2  the  rules  for  generating  computation  sequences  are  presented.  Basic 
theorems  about  sequential  computation  and  the  relation  of  sequential  computa¬ 
tion  to  tree-structured  computation  are  given  in  §3.  The  remaining  two  sections 
give  examples  of  programming  and  proving  using  continuations.  In  §4  continua¬ 
tions  are  used  to  construct  an  until  loop  from  a  do-forever  loop.  This  is  proved 
equivalent  to  the  usual  recursive  definition  of  the  until  loop.  In  §5  we  show  how 
co-routine  mechanisms  can  be  represented  in  kum,  give  some  basic  properties  of 
co-routine  resumption,  and  prove  a  simple  co-routine  correct. 

The  world  of  sequential  computation  is  denoted  by  s-kum.  In  this  chapter 
we  will  be  mainly  working  in  the  world  of  sequential  computation  and  variables 
and  domain  symbols  are  to  be  interpreted  in  this  world.  Thus  F  is  interpreted  as 
s-F,  f  ranges  over  forms  in  s-F,  etc.  The  qualifier  s-  will  be  omitted  except  when 
comparing  the  features  of  t-^um  with  those  of  s-kum. 


V.l.  Objects  for  sequential  computation 

The  objects  of  the  s-kum  world  include  those  of  the  t-kum  world.  In  addition, 
there  are  two  new  semantic  domains  -  continuations  and  states.  There  is  a  new  sort 
of  form  for  noting  continuations,  a  new  sort  of  dtree  for  continuation  application, 
and  continuations  are  added  to  the  computation  domain.  The  objects  of  s-kum 
are  generated  by  adding  appropriate  clauses  to  the  rules  for  generating  the  objects 
of  t-kum. 
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V.1.1.  Forms  describing  sequential  computation 

As  for  tree-structured  computation,  the  forms  describing  sequential  compu¬ 
tation  are  generated  freely  from  the  given  set  of  symbols  by  constructions  corre¬ 
sponding  to  the  computation  primitives.  The  construction  rules  axe  those  given 
in  Figure  10  (§IV.l)  together  with  the  note-  construction 

(note)  note(scont)fbody  note  the  calling  context 

note  is  a  binding  construct  analogous  to  the  A  construct.  Free  occurrences  of  s  in 
f  are  bound  by  the  outer  note-construct  in  note(s)f. 

V.1.2.  Semantic  domains  for  sequential  computation 

The  semantic  domains  for  sequential  computation  are  dtrees,  pfns,  environ¬ 
ments,  the  computation  domain,  continuations,  and  states.  These  domains  are 
generated  from  the  given  data  and  data  operations  and  forms  for  sequential  com¬ 
putation  by  a  mutual  inductive  definition  and  are  (isomorphic  to)  the  minimal 

solutions  to  the  following  equations  modulo  the  additional  rules  for  equality  (=). 

(dtree)  Dt  ~  (F  x  E)^  ©(Ox  D*)  ©  (Co  x  V*) 

(pfn)  P  ~  (Sy  X  F  X  E)^ 

(environment)  E  ~  [§y  *>-  V*] 

(computation  domain)  V~D©0©P©Co 
(continuation)  Co  ~  {Id}  ©  . . .  %  see  Figure  15 

(computation  state)  &  ~  (Co  x  Ot)  ©  (Co  x  V*) 

The  equations  for  dtrees,  pfns,  environments,  and  values  are  discussed  below. 
States  and  continuations  are  discussed  in  the  next  subsection. 

•  Dtrees.  The  three  summands  in  the  equation  for  dtrees  correspond  to  clo¬ 
sure  formation,  data  operation  application,  and  continuation  application.  Closure 
formation  and  data  operation  application  were  discussed  in  §IV.l.  For  each  contin¬ 
uation  7  and  each  value  u,  7^  t;  is  a  continuation  application  dtree.  'y'  v  describes 
resuming  computation  in  the  context  represented  by  7  with  v  the  value  returned. 
As  before  two  dtrees  are  equal  only  if  they  are  of  the  same  sort.  Two  continuation 
application  dtrees  are  equal  iff  the  corresponding  components  are  equal. 

•  Pfns,  environments  and  values.  Pfns  and  environments  for  sequential 
computation  are  generated  in  the  same  manner  as  in  i-Rum.  The  computation 
domain  for  s-Rum  contains  continuations  as  well  as  data,  data  operations  and  pfns. 
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We  say  that  an  expression  V{ '  Ua  is  well-formed  if  V{  is  a  data  operation  and  Va 
is  a  data  sequence  or  if  Uf  is  pfn  or  continuation.  This  extends  the  definition  of  well- 
formed  given  in  §rV.l  to  allow  continuation  application.  Recall  that  (A(fi)f  I  0  ^ 
is  defined  as  (f  I  u}). 

V.1.3.  Transforming  computation  stages  into  computation  states 

The  structure  of  computation  states  and  the  rules  for  sequential  computation 
are  obtained  by  transforming  the  process  of  generating  computation  trees  into 
one  of  generating  computation  sequences.  The  idea  is  to  chose  a  strategy  for 
generating  computation  trees  which  at  each  stage  uniquely  determines  the  node  at 
which  an  extension  can  be  made  and  the  rule  to  apply  (if  any).  The  strategy  we 
have  chosen  for  generating  computation  trees  corresponds  to  completing  leftmost 
subcomputations  first.  This  strategy  can  be  built  into  the  rules  for  generating 
computation  trees  by  modifying  the  rules  so  that  at  any  stage  there  is  at  most 
one  node  where  a  rule  can  be  applied,  and  at  most  one  rule  that  applies.  All 
that  is  needed  is  to  force  the  fun-subcomputation  of  an  app-dtree  to  be  completed 
before  the  arg-subcomputation  is  begun  and  to  force  the  Ihs-subcomputation  of  a 
cart-dtree  to  be  completed  before  the  rhs-subcomputation  is  begun.  For  example, 
the  rule  (app.arg)  becomes 

(app.arg)  (ffun  I  C)  t'fun  *  (farg  I  0  (3PP(ffuinfarg)  I  0 

•  States.  Computation  stages  are  represented  by  computation  states.  Using 
the  modified  rules,  at  each  stage  in  a  computation  there  is  a  current  node  and  a 
current  context  -  the  tree  surrounding  the  current  node.  The  current  context  is 
represented  by  a  continuation.  If  the  rule  that  applies  at  the  current  node  is  a 
begin  rule  then  the  state  representing  this  stage  is  the  begin  state  'y  v  D  (read  begin 
computation  of  d  with  continuation  7)  where  7  is  the  continuation  representing 
the  current  context  and  5  is  the  dtree  label  at  the  current  node.  If  the  rule  that 
applies  at  the  current  node  is  a  return  rule  then  the  state  representing  this  stage 
is  the  return  state  7^1;  (read  return  v  to  qco!)  where  7  is  the  continuation 
representing  the  current  context  and  t;  the  value  to  be  returned. 

States  are  generated  freely  from  continuations,  dtrees  and  values  by  begin 
and  return  constructions  corresponding  to  the  two  summands  in  the  equation  for 
states. 

&  =  (Co  X  Ih)  ©  (Co  X  V*) 

The  sign  v  in  7  v  is  intended  to  suggest  going  down  in  the  computation  tree 
while  the  sign  ^  in  7  ^  t>  is  intended  to  suggest  going  up  in  the  computation  tree. 
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•  Continuations.  Continuations  are  generated  from  forms,  environments,  and 
values  according  to  the  constructions  shown  in  Figure  15.  The  continuation  rep¬ 
resenting  the  current  context  of  a  computation  stage  generated  by  the  modified 
rules  represents  that  portion  of  the  context  that  must  be  remembered  in  order 
to  complete  the  computation  when  a  value  is  returned.  The  identity  continua¬ 
tion  Id  represents  the  empty  context  -  the  context  of  an  initial  or  final  stage. 
7  o  {Ifi{fthen>fei8e)  I  £))  continuation  representing  the  context  of  the  test- 

subcomputation  (ftest  I  £)  of  {if{ftest>ftheinfei8e)  I  0  Computed  in  a  context  rep¬ 
resented  by  7.  70  (Appi(farg)  I  0  is  the  continuation  for  the  fun-subcomputation 
(ffun  I  0  {3PP(ffuiufarg)  I  0  with  Continuation  7  and,  if  the  fun-subcomputation 
returns  Wfunj  '7oAppc(t;fun)  is  the  continuation  for  the  arg-subcomputation  (farg  I 
£}.  The  continuation  for  the  Ihs-subcomputation  (fih8  I  0  of  (cart(fih8jfrhB)  I  0 
with  continuation  7  is  7  o  (Carti(frh8)  I  0  Ihs-subcomputation  returns 

wihsj  the  continuation  for  the  rhs-subcomputation  (frh8  10^7°  Cartc(t;ih8). 
7  o  Fstc  is  the  continuation  for  the  seq-subcomputation  (fgeq  I  0  of  (fst{fBeq)  I  0 
with  continuation  7,  and  7  o  Rstc  is  the  continuation  for  the  seq-subcomputation 
of  (rst(f8eq)  I  0  with  continuation  7. 


Continuation 

Context  for 

Corresponding  pfn^ 

Id 

70  (lfi(fthen>felse)  1  0 

initial  stage 

test-subc  of  if-node 

{^(^new)if  (^newjfthenjfeUe)  1  0 

70  (AppiCfarg)  1  0 

fun-subc  of  app-node 

{A(5new)3PP(^neW)farg)  1 

70  Appc(i;fun) 

arg-subc  of  app^node 

(A(x)app(f,x)  1  f -f-Wfun) 

7  0<Cartl(frh.)  1  0 

Ihs-subc  of  cart-node 

{A(flnew)cart(<new,  frh»)  1 

7  0  Cartc(t;ih.) 

rhs-subc  of  cart-node 

{A(y)app(x,y)  I  x^vih,) 

7  0  Fstc 

seq-subc  of  fst-node 

A(x)fst(x) 

7  0  Rstc 

seq-subc  of  rst-node 

A(x)rst(x) 

^  Anew  is  a  Symbol  not 

free  in  any  of  the  given  forms 

Figure  15.  Continuations 
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The  notation  chosen  for  continuations  reflects  the  view  that  a  non-identity 
continuation  is  the  composition  of  a  continuation  segment  for  the  parent  of  the 
current  node  and  the  continuation  representing  the  context  of  the  parent  node. 
Thus  a  continuation  is  essentially  a  sequence  of  continuation  segments,  one  for 
each  node  along  the  path  to  the  current  node.  We  think  of  expressions  such  as 
(Appi(farg)  I  i)  and  Appc(t;fun)  as  denoting  continuation  segments  and  qrotf  as  the 
composition  of  the  continuation  'y  and  the  continuation  segment  6.  A  continuation 
segment  for  the  parent  of  a  node  describes  the  remaining  computation  at  the  parent 
node  as  a  function  of  the  value  returned  at  the  child  node  (the  subcomputation 
currently  in  progress). 

E£ich  continuation  segment  corresponds  naturally  to  a  pfn  which  is  the  ab¬ 
straction  of  a  dtree  with  respect  to  an  immediate  subcomputation.  For  exam¬ 
ple,  abstracting  the  fun-subcomputation  of  an  app-dtree,  the  pfn  corresponding  to 
(Appi(farg)  I  i)  is  (A(5aew)app(«new)farg)  I  £)•  Abstracting  the  arg-subcomputation 
of  an  app-dtree  where  the  fun-  subcomputation  has  been  completed,  the  pfn  corre¬ 
sponding  to  Appc(t;fun)  is  (A(x)app(f,x)  I  f  ~*r  Ufun)-  The  correspondence  between 
continuation  segments  and  pfns  is  also  shown  in  Figure  15.  Two  continuations  are 
equal  iff  they  have  the  same  number  of  segments  and  corresponding  segments  have 
equal  corresponding  pfns. 

•  Concatenation  of  continuations.  Given  the  view  of  continuations  as  com¬ 
positions,  there  is  a  natural  notion  of  concatenation  of  continuations  which  is 
associative  and  for  which  Id  is  the  left  and  right  identity.  We  write  for  the 

concatenation  of  70  and  71.  For  example, 

(7  o  (Carti(frh3)  I  0)  o  Id  =  If  o  (Carti(frhs)  I  0  =  Ido  (7  o  <Carti(frha)  I  0) 

(7  0  (Carti(frh8)  I  £))  o  (Id  o  FstC)  =70  (Carti(frhs)  I  0  o  FstC 

A  continuation  is  concatenated  (on  the  left)  to  a  state  by  concatenation  to  the 
continuation  component  of  the  state. 

7o  o  (7  V  Z>)  =  (70  o  7)  V  5  and  70  o  (7  ^  u)  =  (70  o  7)  a  w 

A  continuation  is  concatenated  to  a  sequence  of  states  by  concatenating  it  to  each 
element  of  the  sequence.  For  example 


=  h  ^  ^0,1  o  ^  ^2] 
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V.1.4.  Remarks 

•  On  the  representation  of  stages  as  states.  Computation  stages  could 
serve  directly  as  computation  states,  however  we  have  chosen  a  more  compact  rep¬ 
resentation  that  corresponds  more  directly  to  the  structures  that  might  be  used  in 
mechanically  carrying  out  sequential  computations.  The  current  node  of  a  com¬ 
putation  stage  is  exposed  (accessed  by  single  elementary  operation).  Completed 
subcomputation  trees  are  pruned,  leaving  only  the  value.  In  the  case  of  reduces-to, 
subcomputations  are  replaced  by  those  to  which  they  reduce.  Thus  continuations 
contain  only  the  information  about  the  context  which  is  needed  in  order  to  continue 
the  computation.  This  is  a  strong  form  of  tail-recursion,  in  which  “procedure  call” 
(begin  a  subcomputation)  is  replaced  by  “goto”  (reduce-to)  whenever  the  result 
of  the  called  procedure  is  to  be  returned  as  the  result  of  the  current  computation. 

Other  choices  for  the  representation  of  computation  contexts  may  be  appro¬ 
priate  for  some  purposes.  For  example,  to  provide  the  basis  for  an  interpreter  in 
an  interaictive  system  where  the  interpreter  is  expected  to  explain  to  the  user  what 
it  has  done  at  any  stage  of  a  computation  (as  a  debugging  tool)  the  entire  compu¬ 
tation  tree  context  could  be  represented  in  the  continuation.  This  would  require 
only  minor  modifications  in  the  step  relation  and  in  the  theorems  relating  com¬ 
putation  trees  to  computation  sequences.  Tn  this  case  tail-recursiveness  and  hence 
some  efficiency  would  be  sacrificed  in  order  to  have  more  complete  information 
available  at  each  stage  of  a  computation. 

•  Determinism  vs  non-determinism.  An  alternative  to  choosing  a  determin¬ 
istic  strategy  for  generating  computation  trees  is  to  maintain  the  original  rules  for 
computation  and  to  take  continuations  to  be  stages  with  a  hole  (a  distinguished 
leaf  with  no  label).  This  would  result  in  a  non-deterministic  model  of  computation 
in  which  different  choices  for  the  next  stage  would  in  general  give  different  results. 
We  prefer  to  focus  on  the  deterministic  model  for  the  present  and  to  study  prop¬ 
erties  of  function  and  control  abstraction  in  this  mathematically  simpler  context. 
Non-determinism  is  introduced  naturally  when  asynchronous  computation  prim¬ 
itives  are  introduced,  for  example,  to  model  Actors  (Hewitt  [1977]).  This  seems 
like  the  appropriate  framework  in  which  to  treat  non-determinism. 


V.2.  Generating  computation  sequences 

Figure  16  gives  the  rules  for  sequential  computation.  These  rules  define  a 
single  step  relation  (>-^i)  on  states,  namely  the  least  relation  closed  under  the 
set  of  rules. 
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(sym) 

7  ^  {«  1  0  7  ^  ^(«) 

(dapp) 

7  V  o'd  5^1  7  A  o{d) 

(lam) 

^  ^  (A(5)fbody  1  f)  Tf  ^  (A(5)fbody  1  f) 

(app.fun) 

Tf  ^  {3PP(ffun>farg)  1  Tf  O  {Appi(farg)  1  f)  ^  {ffun 

10 

(app.arg) 

7  o  (Appi(farg)  1  0  ^  Vfun  >“ (7  »  Appc(vfun))  (ffun 

10 

(app.app)  7  o  Appc(t;fun)  ^  >— 7  ^  (Vfun't;»rg) 

%  if  ffun '  Varg  is  well-formed^ 

(if.test) 

(If  (ftcstjfthenjfelse)  1  >^i,  7  ®  (I^Kfthen>  feUe)  1 

^  (fteBt  I  0 

(if.br) 

o  <iti(U„,f.,„)  1 0  .  0-;  1 «  “  J  ° 

(mt) 

7  V  mt  >— ►»  7^0 

(cart.lhs) 

7  V  {cart(fih„frhB)  1  0  70  {Carti(frhE)  1  f)  (fihs 

10 

(cart.rhs) 

70  {Carti(frh8)  1  €)  ^  vihs  >— 7  0  Cartc(t;rhB)  ^  (frh«  1 

0 

(cart„ret) 

7  0  Cartc(vrh8)  UrhB  >— 7  ^  [vih8,  WrhB] 

(fst.seq) 

7  (fSt(f8eq)  1  0  1  ®  PStC  V  <f,eq  | 

(fst.ret) 

7  0  FStC  A  i;,,q  >— qf  ^  1®‘  (vEeq) 

(rst.seq) 

7  V  (rSt(f8eq)  1  f)  >—*^1  7  0  RstC  V  (f.eq  (  ^) 

(rst.ret) 

7  0  RstC  A  VEeq  >^t  7  A  r'*  (^Beq) 

(note) 

7  V  <note(s)f  U>  7  ^  <f  1  £{«  7}> 

(capp) 

7  V  7o '  V  >— >8  70  A  t; 

^  Vfun  '  Varg  is  Well-formcd  iCF  Vfun  €  O  A  Varg  G  3)*  or  Vfun  G  IP  or 

Vfun  G  Co. 

Figure  16.  Rules  for  stepping 
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■  Functionality  of  the  single  step  relation.  It  is  easy  to  see,  since  there  is 
at  most  one  step  rule  that  applies  to  any  computation  state,  that  the  single  step 
relation  is  functional. 


f  >^t  fo  A  f  >— fo  = 

The  modified  rules  for  generating  computation  trees  translate  naturally  into 
step  rules.  If  a  computation  stage  is  represented  by  fo  and  the  next  stage  is  rep¬ 
resented  by  then  fo  >^i.  For  example,  the  step  rule  (app.fun)  for  beginning 
computation  described  by  an  app-dtree  is  derived  from  the  begin  rule  (app.fun) 
(see  §IV.2  Figure  11)  using  the  construction  of  the  continuation  representing  the 
context  of  the  fun-subcomputation  (given  in  §1). 

(app.fun)  7  V  (app(ffun,farg)  10  {Appi(farg)  I  0  ^  (ffun  I  0 

The  step  rule  (app.arg)  for  returning  the  value  of  the  fun-subcomputation  is  de¬ 
rived  from  the  modified  begin  rule  (app.arg)*  given  above  using  the  construction 
of  the  context  for  the  arg-subcomputation. 

(app.arg)  7  o  (Appi(farg)  I  0  ^  Vfun  7  o  Appc(t;fun)  v  (farg  I  0 

The  step  rule  (app.app)  for  returning  the  value  of  the  arg-subcomputation  is  de¬ 
rived  from  the  reduces-to  rule  (app)  combined  with  the  begin  rule  (redt.beg). 

(app.app)  7oAppc(vfun)  ^  Varg  1  ^  *^arg 

Note  that  the  app-node  disappears.  Thus  the  return  rule  obtained  by  combining 
the  rules  (app)  and  (redt.ret)  has  no  corresponding  step  rule. 

The  states  not  accounted  for  by  this  translation  are  those  corresponding  to 
noting  and  applying  continuations.  The  step  rule  for  beginning  computation  of 
(note(scont)fbody  I  C)  with  continuation  7  says  to  bind  7  to  Scont  in  C  nnd  begin 
computation  of  the  body. 

(note)  7  V  (note(Scont)fbody  U>  >-^l  'I  ^  (fbody  I  ^{«cont  7}) 

The  step  rule  for  beginning  computation  of  a  continuation  application  dtree  70  ^  v 
says  to  return  t>  to  70. 
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V.2.1.  Computation  sequences. 

Now  we  define  the  notion  of  computation  sequence  and  related  notions  useful 
for  expressing  properties  of  sequential  computation. 

>  Step  Relation.  The  step  relation  on  computation  states  >— »  is  the  transitive 

reflexive  closure  of  the  single  step  relation.  >—*t .  >— >^  is  the  transitive  closure  of 
>— . 

^  and 

>  Terminal  states.  A  final  state  is  a  return  state  with  identity  continuation, 
Id  A  u.  A  hung  state  is  a  state  qf  o  Appc{i;fun)  ^  t^arg  such  that  the  application 
Vfun^t^arg  is  not  well-formed.  A  terminal  state  is  a  state  that  is  either  final  or 
hung. 

■  A  computation  state  is  terminal  iff  no  step  rule  applies  to  it. 

>  Computation  sequence.  A  non-empty  (possibly  infinite)  sequence  of  states 
is  a  computation  sequence  if  for  each  state  in  the  sequence,  the  next  state  is 

obtained  by  appling  a  step  rule. 

(Vt  <  lEI  -l)(Eif  Eif+i) 

We  write  fa  if  E  is  a  computation  sequence  of  length  n  -h  1  with  EJ,o  =  fa 

andEin  =  fB- 

>  The  computation  sequence  for  a  state  or  dtree.  Using  the  functionality 
of  the  single  step  relation,  we  define  E(f),  the  computation  sequence  from  the  state 
f,  to  be  the  limit  of  the  computation  sequences  beginning  with  f.  Thus  E(f)  is  the 
unique  computation  sequence  which  has  as  an  initial  segment  each  computation 
sequence  beginning  with  f.  The  computation  sequence  E(?>)  for  a  dtree  9  is  defined 
by  E(())  =  E(ld  vd). 

Figure  17  shows  the  computation  sequence  for  t>if  (defined  in  §IV.2).  The 
dtrees  in  the  left  margin  mark  the  beginning  (v  D)  and  (a  D)  end  of  the  sub¬ 
sequences  corresponding  to  the  subcomputation  described  by  D.  This  shows  the 
preservation  of  the  tree  structure  in  the  computation  sequence  (see  Figure  13  in 
§IV.2).  Note  that  returning  a  value  along  any  chain  of  reduces-to  subcomputations 
of  a  computation  tree  is  accomplished  in  a  single  step  in  a  computation  sequence. 
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V  Dif  Id  (lf(Z,fcart,  mt)  I  2  -<-  »> 

V  Id  O  {lfi(fcart,  mt)  1  Z  ^  v)  V  (z  I  z  v) 

> — 

A  D*  Id  O  (lfi(fcart,  mt)  I  z  ^  v)  A  v 

^  ^^cart  Id  ^  )  fapp)  I  Z -4-  v) 

V  Df.t  Id  o  {Carti(fapp)  \z^v)  ^  {fst(z)  I  z -4-  v) 

>^t 

V  Id  o  {Carti(fapp)  I  z  v)  o  Fstc  v  (z  I  z  v) 

Id  o  {Carti(fapp)  I  z  ^  r)  o  Fstc  a  v 

A  5f,t  Id  o  {Carti(fapp)  I  z  ^  v)  a  a 

>^1, 

^  ®app  Id  O  Cartc((l)  V  ^3  j  ^rst)  I  Z -4- v) 

> — 

V  5k  Id  o  Cartc(a)  o  (Appi(fr8t)  I  z-4-  v)  v  A(x)A(y)x 

> - ►!. 

A  5k  Id  O  Cartc(a)  o  (Appi(fr8t)  1  z^  v)  a  A(x)A(y)x 

V  5„t  Id  o  Cartc(a)  o  Appc(K)  v  {rst(z)  I  z  v) 

V  5*  Ido  Cartc(o)  o  Appc(K)  o  RstC  v  (z  I  z  -4-  v) 

A  5,  Id  o  Cartc(a)  o  Appc(K)  o  RstC  a  v 

A  5r8t  Id  o  Cartc(tt)  o  Appc(K)  a  u 

V  5ku  Id  o  Cartc(a)  v  K'  u 

>^1. 

A  5appA  5ku  Id  o  Cartc(a)  a  k(u) 

> — ►t 

^  ^  Zlcart  Id  A  [a,  K(u)] 

where 

fcart  ~  Cart(ff8t ) fapp)  ffst  =  fSt(z)  V  =  [fl,  ti] 

fapp  =  3pp(fk>fr8t)  fr8t  =  rst(z)  fk  =  A(x)A(y)x 


Figure  17.  Computation  sequence  for  5if 
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V.3.  Context  insensitivity  and  context  independence 

Although  the  computation  described  by  a  dtree  in  general  depends  on  the 
context  in  which  the  computation  is  carried  out,  this  dependence  is  uniformly 
determined  by  the  dtree  and  in  many  cases  a  dtree  or  pfn  has  context  independent 
behavior,  although  continuations  may  be  noted  or  applied  within  the  computation 
sequence.  In  this  section  we  introduce  some  additional  dtree  properties  in  order  to 
express  the  “context  insensitivity”  of  dtrees  and  to  identify  a  fragment  of  s-.^um 
in  which  tools  for  reasoning  about  context  independent  computation  can  be  used. 

V.3.1.  Classification  of  dtrees 

We  begin  by  defining  a  sequential  equivalence  relation  («)  on  dtrees  of  s-Zum 
analogous  to  the  ctree  equivalence  relation  on  dtrees  of  t-.^um. 

>  Sequential  equivalence.  Two  dtrees  are  equivalent  with  respect  to  sequential 
computation  (abbreviated  c-seq  equivalent)  iff  in  any  given  context,  if  computation 
described  by  one  dtree  reaches  a  final  state  then  computation  described  by  the 
other  dtree  reaches  the  same  final  state. 

I>o  «  =  (V7,  t>)(7  V  i>o  >— ♦  Id  A  u  ^  7  V  >— +  id  ^  v) 

df 

By  context  insensitivity  we  mean  that  the  computation  described  by  a  dtree 
either  returns  a  value  to  the  calling  continuation,  escapes  to  the  top  level,  or 
diverges.  Which  case  holds  depends  only  on  the  dtree,  not  on  the  context  in  which 
the  computation  is  carried  out.  This  is  made  precise  by  the  following  definitions 
and  the  dtree  classification  theorem. 

>  Return  to  caller.  returns  a  value  to  the  calling  continuation  (J.D)  is  defined 
by 

=  (V7)(3w)7  V  5  >— »•  7  A  u 
df 

>  Escape  to  top.  escapes  to  the  top  level  is  defined  by 

**^15  =  (V7)(3t;)7  V  5  >— »^  Id  ^  v 

df 


>  Diverge.  D  diverges  (|Z>)  is  defined  by 
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■  Dtree  classification  theorem.  The  three  classes  of  dtrees  defined  above  are 
a  partition  of  Eh. 

[D  V  V  and  (i?>  A  A  (P 

This  will  be  proved  at  the  end  of  this  section.  Some  additional  simple  facts  are 

■  If  ?)  diverges  then  either  E(i))  is  infinite  or  E(i))  terminates  in  a  hung  state. 
Thus  if  diverges  the  computation  described  by  D  in  any  context  never  reaches  a 
final  state. 

-’(37,  v)  (7  V  5  >— ^  Id  ^  v) 

■  Sequential  equivalence  respects  the  classification  of  dtrees  -  if  two  dtrees  are 
c-seq  equivalent  then  they  belong  to  the  same  classification. 

?>0  «  i'Jfo  ^  A  Po  ^  A 


Remark.  A  dtree  that  always  returns  a  value  to  the  calling  continuation  may 
not  always  return  the  same  value.  For  example  the  dtree  note(g)g  returns  the 
calling  continuation  to  the  calling  continuation  -  7  v  note(g)g  >— »  7^7.  However 
the  proof  of  the  dtree  classification  theorem  will  also  show  that  the  value  returned 
is  itself  uniformly  parameterized  by  the  calling  continuation. 


V.3.2.  Preservation  of  tree  structure  in  sequential  computation 

The  close  correspondence  between  the  structure  of  the  computation  tree  for 
(Figure  13  in  §IV.2)  and  the  computation  sequence  for  Djf  (Figure  17  in  §2) 
holds  for  dtrees  of  t-Zum  in  general.  The  next  three  facts  express  the  sense  in 
which  the  structure  of  computation  trees  is  preserved  in  computation  sequences 
for  t-j^um  dtrees. 

■  Preservation  of  evaluation.  A  dtree  5  of  t-.£um  has  value  v  iff  the  compu¬ 
tation  sequence  for  H  reaches  a  final  state  with  the  value  t;  iff  D  returns  v  in  any 
context. 


5  e  t-EJt 


E(9)  '|0E(9) 

•«->  Id  V  D  >-^  Id  u  (V7)7  V  1)  > — y  7  A  v 


■  Dtrees  of  t-^um  can’t  escape.  The  sequential  computation  described  by  a 
dtree  D  of  X-Rum  must  return  a  value  to  the  caller  or  diverge.  It  cannot  escape. 


d  e  t-E)t  ^  i?>  V  tt> 
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■  Preservation  of  reduces-to.  For  t-Rum  dtrees  I)o  reduces-to  Hi  iff  there  is  a 
non-trivial  computation  sequence  from  to  l>i. 

€  t-Bt  (l>o  {V'y)(7  J»o  Tf  ) 

■  Preservation  of  sub  computation.  For  a  defined  dtree  of  t-,£txm  each  sub¬ 
computation  corresponds  to  a  subsequence  of  the  computation  sequence. 

H  €  t-Dt  aU*— So5Si)(E[5]  =  [Eo,7  o  E[5o]»Ei]) 

In  the  case  5  Do  Ei  will  in  fact  be  the  empty  sequence.  Otherwise  it  will  be  a 
proper  computation  sequence. 

V.3.3.  Context  independence 

We  extend  the  notions  of  evaluation,  reduces-to,  definedness,  and  ctree  equiv¬ 
alence  to  s-Rum  and  introduce  the  notion  of  local  dtree  The  computation 

described  by  a  local  dtree  either  diverges  or  returns  the  same  value  to  any  calling 
context.  The  notion  of  subcomputation  does  not  in  general  make  sense  in  s-Rum, 
even  for  local  dtrees,  so  we  do  not  attempt  to  extend  this  notion. 

>  Evaluation.  D  t;  =  (V7)(Tf  v  D  >— »•  qf  ^  v) 

df 

>  Reduces-to.  Do  =  (^7) (7  ^  ^  7  ^i) 

df 

>  Definedness.  IID  =  (3u)D  v 

d{  ^  ' 

>  Local.  tJ.D  =  ^D  V  ID 

df 

>  Ctree  equivalence.  Do  ^  Di  =  ti^o  A  A  (Vv)(Do  ^  v  ■«-»  Di  v) 

df 

>  Pfnl.  (p  £  Pfrd  =  V ipi 

df 

Note  that  the  definitions  of  definedness  and  pfnl  have  the  same  form  as  before. 
It  follows  easily  from  the  facts  expressing  the  preservation  of  tree  structure  in 
sequential  computation  that  the  new  definitions  of  -<,  •11^,  and  ^  agree 

with  the  original  definitions  when  restricted  to  t-^um. 

Some  simple  properties  of  locality  and  the  computation  relations  are  expressed 
by  the  following  facts  which  follow  easily  from  the  definitions 

■  Dtrees  of  t-j^um  are  local. 


D  G  i-Rum  — > 
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■  If  D  is  defined  then  V  returns  a  value  (the  same  value)  to  any  calling  continuation. 

P  P 

The  note(g)g  example  shows  that  the  converse  is  not  true. 

J.note(g)g  and  -i^note{g)g 

■  If  Do  reduces- to  Di  then  Do  is  local  iff  Di  is  local. 

Do  Di  — *•  (tJ.Do  Tl^i) 


■  If  Do  reduces- to  Di  then  Do  and  Di  are  c-seq  equivalent. 

Do  Di  — >  Do  «  Di 

■  If  Do  are  ctree  equivalent  Di  then  Do  and  Di  are  c-seq  equivalent. 

Do  ^  Di  — Do  w  Dj 

■  For  local  dtrees  reduces-to  implies  ctree  equivalence. 

Do  Di  A  tlDo  — Do  ^  Di 

V.3.4.  Lifting  theorems  from  t-Rum 

Local  dtrees  have  many  of  the  properties  of  t-Zum  dtrees.  This  allows  us 
to  lift  many  of  the  basic  theorems  of  t-^um  to  s-Rum.  The  following  are  some 
examples. 

■  The  computation  rules  hold  in  Rum  for  the  extended  definitions  of  evaluation 
and  reduces-to.  For  example, 

(redt.ret)  D>^DoADo‘->t;— »^D‘— 

(if)  I  0  I  {>  X- 1 {(““i' lltl 

(^Pp)  (ffun  I  0  ^fun  ^  (farg  I  0  ^  ^arg  (ffun  (farg)  I  0  ^  ^fnn  ^arg 

%  if  Vfun^Varg  is  well-formcd 
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Since  the  notion  of  subcomputation  does  not  extend  usefully  to  s-Zum  com- 
yuiaiion  induction  as  formulated  in  §rV.2  is  limited  to  t-^um.  However,  if  sub¬ 
computation  is  replaced  by  reduces-to  the  computation  induction  formula  remains 
valid  and  is  a  useful  special  case. 

■  For  any  dtree  property  Q 

(s.ci)  (V()){(vdo)(9  >^r>0^  g(z>o))  Q(3))  ^  {vd)(p  ->  g(i>)) 

■  The  reduces-to  laws  (I.redt),  (K.redt),  (Cl.redt),  (B.redt),  and  (S.redt)  given 
for  the  algebraic  combinator  pfns  in  §IV.4  hold  in  s-.^um. 

■  For  any  pfnl  t?  the  following  properties  of  the  recursion  pfn  hold  in  s-Rum 

(rec.pfnl)  Rec  €  Pfnl 

(rec.redt)  Rec(t?)  *  v  tJ(Rec(i?)) '  v 

(rec.fix.s)  Rec(t?)  *  v  «  i?(Rec(t?))  ^  v 

(rec.subc)  is  omitted  as  it  only  makes  sense  in  t~Rum. 

In  s-Rum  the  properties  stated  for  the  sequence  recursion  pfnls  hold  when 
restricted  to  the  local  cases. 

■  Collect  and  Tuple  satisfy 

A  ...,  A  111?  ^  On  — ♦  Collect(i?)^[ai,...,an]  ^  [t?^ai, . . .  ,t?^an] 

and 

t|t?/fl,  A  ...,  Atl^n^O  ^  Tuple[t?i,...,1?n]'u  [t?i  '  U, . . . ,  t?n  '  u] 

■  The  characterization  of  Some  is  valid  in  s-Rum  as  stated. 

■  For  pfns  t?  and  domains  A^U  such  that  A  CV  and  17  C  V*,  Seqlt  satisfies 

(Vo  G  j4)(Vu  G  U){3v  G  17){t?'(a, «)  >  v) 

— y 

(V{ai,  ...  ani}c  ^)(V«  G  C7) 

Seqlt '(t?,u,[ai,...  Cm])  t?'(ai, . . . , i?'(ani,  u) . . .) 
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V.3.5.  Proof  of  the  dtree  classification  theorem 

We  outline  the  proof  of  the  dtree  classification  theorem  as  it  uses  a  trick  which 
may  have  useful  applications  in  other  situations.  The  trick  is  to  work  with  objects 
parameterized  by  a  single  continuation  parameter  and  to  analyze  the  properties 
of  parameterized  computation  sequences.  The  continuation  parameter  provides  a 
way  of  tagging  a  continuation  and  identifying  continuations  within  a  computation 
sequence  that  are  generated  from  a  tagged  continuation.  For  the  non-divergent 
cases  we  will  prove  stronger  statements  of  the  form  “there  exists  a  parameterized 
value  such  that  for  all  continuations  ...”  rather  than  “for  all  continuations  there 
exists  a  parameterized  value  such  that  . . .  ” . 

Parameterized  objects  are  generated  just  as  the  objects  of  s-Zum  except  that 
in  addition  to  the  primitive  continuation  Id,  there  is  a  continuation  parameter  #. 
We  will  refer  to  these  objects  as  p-Rum  objects  and  we  use  the  same  variables 
to  range  over  the  various  sorts  of  p-Rum  objects  as  for  t-Rum  and  s-Rum.  Note 
that  the  s-Rum  objects  are  a  subset  of  the  p-Rum  objects.  For  a  parameterized 
object  X  and  a  continuation  7  we  write  x{7}  for  the  object  obtained  by  replacing 
all  occurrences  of  #  in  x  by  7.^  If  7  is  an  s-Rum  continuation  then  x{'7}  is  an 
s-Rum  object.  The  rules  for  sequential  computation  have  exactly  the  same  form 
for  p-Rum  as  for  s-Rum.  In  p-Rum  there  is  a  new  kind  of  terminal  computation 
state  #  A  u  -  which  corresponds  to  return  to  caller. 

The  following  facts  are  easy  to  establish: 

■  Substitution  lemma.  The  result  of  replacing  the  parameter  in  a  computation 
sequence  by  a  continuation  7  is  a  computation  sequence. 

^  f  1  r  •> 

?o  ^  fo{7} 


^  This  is  a  use  of  breices  to  express  a  form  of  substitution.  Context  will  readily  distinguish 
this  use  from  other  uses  such  as  for  readability  or  Kleene  braces. 
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■  Classification  of  parameterized  states.  For  any  parameterized  state  f 
exactly  one  of  the  following  holds: 

(i)  The  computation  sequence  beginning  with  ^  terminates  with  a  state  #  a  v  for 
some  V. 

(3t;)f  #  A  u 


(ii)  The  computation  sequence  beginning  with  f  terminates  with  a  state  Id  ^  u 
for  some  v. 

(3v)f  Id  A  w 


(iii)  The  computation  sequence  beginning  with  f  hangs. 

(3'7,VfunUarg)(ufun'varg  not  well-formed  A  f  Tf  O  Appc(t;fun)  Varg) 


(iv)  The  computation  sequence  beginning  with  f  is  infinite. 

Note  that  in  (i),  (ii),  and  (iii)  the  values  will  in  general  be  parameterized.  Taking 
f  to  be  #  V  5,  collapsing  the  latter  two  cases  into  the  divergent  case,  and  using  the 
substitution  lemma  we  have 

■  Uniform  dtree  classification.  For  5  and  7  in  s-Rum  exactly  one  of  the 
following  holds 

(i)  (3t;)(V7)7  V?)  >— »^  7  A  ^{7} 

(ii)  (3t;)(V7)7  vj  >— >  Id  a  t;{7} 

(iii)  ->(3t;)(ld  v  >— »  Id  a  u) 

The  dtree  classification  theorem  now  follows  easily. 


V.4.  Looping  and  escaping 

As  our  first  example  of  programming  and  proving  with  continuations,  we  prove 
the  equivalence  of  two  pfnls  Until  and  DoUntil  that  construct  an  until  loop  from 
a  test  and  an  action.  The  until  loop  is  typical  of  the  looping  constructs  used  in 
programming.  Given  a  test  t?test  and  an  action  t?act,  the  until  loop  for  (t?te3t»t?act) 
repeatedly  applies  t?act  to  an  argument  u  until  u  satisfies  t?tests  at  which  point 
u  is  returned  ais  the  result.  Until  is  a  t-Rum  pfn  defined  by  a  simple  recursive 
definition. 

>  Until  ^  A(p,f)Rec(A(un)A(s)if(p(s),s,un(f(s)))) 
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■  Until  lemma.  The  key  computational  properties  of  Until  are 

(until.done)  tftest '  u  [a,  w]  -*  Until(t?te8t,  t^act) '  u 

(until.loop)  «?test  *  A  1?act '  u  v 

Until^t^test)  ^act)  ^  ^act)  ^ 

DoUntil  is  based  on  the  do-forever  loop.  A  do-forever  loop  has  a  pfn  parameter 
which  is  repeatedly  applied  to  the  loop  argument.  The  pfn  Do  describes  a  do- 
forever  loop.  DoUntil  notes  the  calling  continuation  and  constructs  a  do-forever 
loop  with  a  pfn  pareimeter  that  contains  the  test  pfn,  the  action  pfn,  and  the 
calling  continuation.  This  pfn  applies  the  test  pfn  to  the  loop  argument  and  then 
applies  the  calling  continuation  (to  return  to  the  caller)  or  it  applies  the  action 
pfn  (to  continue  looping)  according  to  whether  the  test  succeeds  or  fails.  DoU  is  a 
variant  of  DoUntil  used  to  formulate  properties  of  DoUntil.  DoU  has  an  additional 
parameter  intended  to  be  the  calling  continuation. 

>  Do  ^  A(f)Rec(A(Do)A(z)Do(f(z))) 

>  DoUntil  ^  A(p,f)A(z)note(g)Do(A(x)if(p(x),g(x),f(x)),z) 

>  DoU  ^  A(p,f,g)A(z)Do(A(x)if(p(x),g(x),f(x)),z) 

■  DoUntil  lemma.  The  key  computational  facts  about  DoUntil  are 

(do.note)  ^  v  DoUntil (t>test,t? act)* «  ^  DoU(t>test,t?act»7)*w 

(do.done)  [a,u]  DoU(i?test,t?act,'y)*t' «  7't; 

(do.loop)  latest  *  1;  □  A  t?act  *  V  ’—y  u 

DoU(t?te8t,t?act,'7)*t'  DoU(t?te8t,t?act,7)*« 

From  the  basic  facts  about  Until  and  DoUntil  (and  computation  induction)  it  is 
clear  that  they  describe  essentially  the  same  computations.  More  precisely  we 
have  the  following  equivalences. 

■  t-Zum  equivalence  of  Until  and  DoUntil.  For  latest*  t^act  and  v  in  t-Zum 

DoUntil(t?test,t?act)'t>  Until(t?test,t?act)*t; 

■  s-Rum  equivalence  of  Until  and  DoUntil.  For  U  C\f* 

(Vu  €  17)(Pte8t*u  A  (3t;  €  17)t?act'u  v)  -* 

(Vu  e  t/)(DoUntil(t?te8t,t>act)*«  ^  Untll(t?test,»?act)*tt) 


136 


Sequential  computation  in  ^um 


§V.5 


Remarks 

•  Note  that  Do(i?)  is  everywhere  undefined  for  any  t?  in  t-^um. 

•  We  have  now  provided  all  the  tools  needed  to  interpret  and  verify  the  state¬ 
ments  about  sequential  computation  in  the  tree  product  examples  (Chapter  II). 
In  particular  the  equations  for  T prod2  and  the  derivation  of  T prodg  can  now  be 
verified.  We  leave  this  as  an  exercise  for  the  reader. 

Exercise  1.  Proving  equations  with  continuations:  define  Find,  FFind  as  follows 

>  Find  A(p,x)note(g)Finder(p,g){x) 

>  Finder  ^  A(p,g)Rec(A(fnd)A(x) 

gW. 

if  (Atom  (x) ,  mt,  [f  nd  (Car  (x) ) ,  fnd  (Cdr  (x) )  ]) ) ) 

>  FFind  A(p,f,x)note(g)FFinder(p,f,g)(x) 

>  FFinder  A(p,f,g)Rec(A(fFnd)A(x) 

if(p(x), 

g(f(x)), 

if(Atom(x),  mt,  [fFnd(Car(x)),  fFnd(Cdr(x))]))) 

Prove  that  the  following  equation  holds  for  x  ranging  over  S-expressions  and  f  and 
p  ranging  over  pfns  which  are  local  on  S-expressions. 

Ffind(p,f,x)  let{y-(-  Find(p,x)}if(y,f(y),mt) 

V.5.  Co- routines  in  Zum 

As  a  further  example  of  programming  with  continuations,  we  show  how  the 
co-routine  mechanism  can  be  represented  in  R.um.  Recall  (§1.2)  that  a  system 
of  co-routines  is  a  set  of  programs  that  interact  by  resuming  one  another  rather 
than  by  the  usual  function  calling  (application)  mechanism.  A  given  co-routine 
when  resumed  will  continue  computation  where  it  last  left  off,  carry  out  the  next 
portion  of  its  computation,  and  then  resume  some  other  co-routine.  Typically 
information  is  passed  between  co-routines  by  updating  shared  data  structures  and 
each  co-routine  has  internal  state  that  keeps  track  of  where  to  begin  when  it  is 
resumed.  In  Rum  the  shared  data  and  resumption  points  must  be  passed  explicitly 
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as  parameters  and  a  co-routine  is  continuation  satisfying  certain  conditions.  Here 
we  consider  co-routines  characterized  by  the  sequences  they  generate,  and  to  avoid 
irrelevant  details  we  will  assume  the  sequences  are  infinite,  i.e.  functions  on  the 
natural  numbers.  For  simplicity  in  discussing  co-routines  we  define  a  step  relation 
on  continuation  application  dtrees. 

'To'vo  =  (V7)(372)(7 'yo'vo 

df 

>  Co-routine  generating  a  sequence.  Let  be  a  sequence  of  elements  from 
the  computation  domain.  We  say  that  a  continuation  7co  is  a  co-routine  generating 
the  sequence  a  if  there  is  a  sequence  of  continuations  T  such  that 

r(0)  =  7co  and  ^  +  l),<7(t)] 

for  any  7  and  number 

Co-routine  resumption  is  based  on  continuation  application.  The  pfn  Resume 
describes  resumption  for  the  case  of  simple  pairwise  interaction  among  co-routines. 
Resume  splits  its  argument  into  a  continuation  g  ajid  remaining  information  x.  g 
is  the  resumption  point  of  the  co-routine  being  resumed.  Resume  notes  the  current 
continuation  gO,  which  is  the  next  resumption  point  of  the  resuming  co-routine, 
and  and  passes  gO  together  with  x  to  the  resumed  co-routine. 

>  Resume  ^  A[g,x]note(gO)g[gO,x] 

As  a  particular  example,  we  adapt  a  segment  of  network  code  that  uses  co¬ 
routining  (Weening  -  private  communication).  This  code  deals  with  a  situation 
where  one  gets  data  in  a  stream  of  36-bit  words,  but  would  like  to  see  it  as  8- 
bit  bytes.  There  is  a  co-routine  INBYTE  responsible  for  getting  the  next  byte 
(8-bits)  from  the  36-bit  word  stream.  Another  co-routine  which  uses  the  8-bit 
bytes,  for  example  to  generate  a  32-bit  word  stream,  resumes  INBYTE  each  time 
another  byte  is  needed.  INBYTE  has  nine  segments  of  code,  one  for  each  of  the 
nine  8-bit  bytes  contained  in  two  consecutive  36-bit  words.  In  order  to  focus  on 
the  properties  of  the  co-routine  mechanism,  we  simplify  the  problem  by  defining  a 
Zum  co-routine  ThreeTwoC(7in)  which  transforms  a  sequence  of  strings  of  length 
three  generated  by  the  co-routine  7-, a  into  a  sequence  of  strings  of  length  two  with 
the  same  characters.  If  cr  is  a  sequence  of  strings  of  length  three  then  the 

sequence  of  strings  of  length  two  with  the  same  characters  as  a,  is  defined  by 

[StrUn(<T(®>2)(3t)),  StrUn(a(®’2)(3t -hi)),  StrUn(<7(3>2)(3t' -h  2))] 

=  [StrUn(a(2t)),  StrUn(a(2t  +  1))] 


138 


Sequential  computation  in  Rum 


§V.5 


^or  all  numbers  i.  Using  the  notions  defined  above,  we  can  specify  the  co-routine 
1  nreeTwoC{7in)  as  follows. 

If  <7  is  a  sequences  of  strings  of  length  three  and  7in  is  a  co-routine 
(t(3.2))  generating  a  then  ThreeTwoC(7in)  is  a  co-routine  generating  the 
sequence 

To  define  ThreeTwoC  we  first  define  the  pfn  ThreeTwo  that  describes  the  com¬ 
putation  to  be  carried  out.  ThreeTwo  has  two  arguments,  an  input  co-routine 
in  and  an  output  co-routine  out.  Initially  ThreeTwo  reads  a  string,  stores  the 
three  characters  as  [x0,xl,x2],  and  resumes  out,  passing  the  string  with  elements 
[xO,xl].  When  next  resumed,  ThreeTwo  gets  a  second  string  from  in,  stores  the 
three  characters  as  [x3,x4,  x5],  and  resumes  out,  passing  the  string  with  elements 
[x2,x3].  When  resumed  a  third  time,  ThreeTwo  simply  resumes  out,  passing  the 
string  with  elements  [x4,x5].  When  resumed  a  fourth  time,  ThreeTwo  repeats  its 
initial  computation  with  the  current  values  of  in,  out. 

>  ThreeTwo  Rec(A(Co)A(in)A(out) 

let{[in,w]  Resume[in]} 

Iet{[x0,xl,x2]  StrUn(w)} 
let{[out]  Resume[out,  Strl\/Ik[xO,  xl]]} 
let{[in,w] Resume[in]} 

Iet{[x3,x4,x5]  StrUn(w)} 
let{[out]  Resume[out,StrMk[x2,x3)]} 
let{[out]  Resumefout,  StrMk[x4,x5]]} 

Co(in,out) 

ThreeTwoC  is  a  pfn  which  when  applied  to  an  input  co-routine  'Yin  generates  a 
co-routine  initialized  to  apply  its  resumer  to  ThreeTwo(7in). 

>  ThreeTwoC  ^  A(in)ThreeTwo(in,note(g)g) 

In  particular 


7  V  ThreeTwoC'7in  7  a  7  o  Appc(ThreeTwo{7in)) 

Since  the  context  in  which  ThreeTwoC  is  initialized  does  not  effect  the  behavior 
of  resulting  co-routine,  we  let  ThreeTwoC(7in)  denote  ldoAppc(ThreeTwo(7in))  in 
the  following. 

Proof  of  correctness  of  ThreeTwoC.  We  outline  the  proof  that  ThreeTwoC 
satisfies  to  illustrate  basic  properties  of  resumption,  and  the  general  idea 
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of  such  proofs.  Let  a  be  as  sequence  of  strings  of  length  three  and  let  7in  be  a 
co-routine  generating  a.  Let  In  be  the  sequence  of  continuations  corresponding  to 
the  generation  of  a  by  7in.  Thus  7n(0)  =  7in  and  7'[/n.(t  -|-  l),<7(t)] 

for  any  7  and  number  t.  Now  we  need  only  define  a  sequence  of  continuations  F 
such  that 

r(0)  =  id  o  Appc(ThreeTwo(/n(0))) 

r(i)S  ^  + 

If  s  is  a  string  we  write  sjy  for  the  j-th  character  of  5  -  sjy  =  StrUn(5)|y.  Let  ch 

df 

be  the  sequence  of  ch^acters  from  c.  Then  ch{Zi  +  j)  =  for  0  <  y  <  2  and 

ch{2i-\-  j)  =  for  0  <  y  <  1.  We  define  F  to  be  the  sequence  satisfying 

F(3t)  =  Id  o  Appc(ThreeTwo(/n(2t))) 

F(3»  -f  1)  =  Id  o  Appc(ThreeTwol(Jn(2t  +  l),c/i(6t  -f  2))) 

F(3t  -f  2)  =  Id  o  Appc(ThreeTwo2(/n(2*  +  2),ch{6i  +  4),c/i(6t  -f  5))) 

where 

ThreeTwol  =  A(in,x2)A(out) 

let{[in,w]  Resumefin]} 

Iet{[x3,x4,x5]  StrUn(w)} 
let{[out]  Resume[out,  StrMk[x2,x3)]} 

let{[out]  Resume[out,  StrMk[x4,x5]]} 

ThreeT  wo(in,  out) 

ThreeTwo2  =  A{in,x4,x5)A(out) 

let{[out]  Resume[out,  StrMk[x4,x5]]} 

ThreeTwo(in,out) 

Using  the  equations  relating  ch,  a,  and  and  the  properties  of  let  and  Resume 

given  below  it  is  easy  to  show  that 

F(3iV7  ^  7'[r(3t-H),<7(3.2)(3t-)] 

F(3t'-f-l)S  7'[r(3t  +  2),a(®’2)(3t-M)] 

F(3t  +  2)'7  7W(*  +  1)),^^"’'^(3*  +  2).] 

Hence,  F  is  the  required  sequence  of  continuations  verifying  that  ThreeTwoC(7in) 
is  a  co-routine  generating  □(^(3,2)) 
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■  Properties  of  let  and  Resume.  Unwinding  the  definitions  and  applying  the 
step  rules  we  have 

(1)  (fo  I  0  ^  t'o  ^  <let{s  U>  ^  7  ^  (fi  I  -^fo}> 

(2)  (fo  I  0  *^0  — 

'Y  V  {let{[sco,»v]  Resume[5co,fo]}fi  I  0 

^(5co)'[7o  Appc((A[sco,Sv]fi  I  0)>t'o] 

(3)  {fo  U>  ^  A  {37i,t;i)(V7o)(C(sco)'l7o,i'o]  7o'[7i,vi]) 

7  V  (let{[fico,«v]-<-Resume[sco,fo]}fi  I  0 
7  ^  (fi  I  £{«co  -<-7i,«v  ui}) 

Exercise  1.  Streams  and  co-routines  are  two  mechanisms  for  generating  se¬ 
quences.  These  mechanisms  are  interconvertible.  Define  pfns  Str2Co  and  Co2Str 
such  that  for  any  infinite  sequence  a  from  the  computation  domain,  if  t?  is  a  stream 
generating  a  (i.e.  =  <^(0)  then  Id  o  Appc(Str2Co(d))  is  a  co-routine  generating 

a  and  if  7co  is  a  co-routine  generating  a  then  Co2Str(7co)  is  a  stream  generating 
a.  Prove  that 

■  Str2Co  is  correct.  There  is  a  sequence  of  continuations  P  such  that  r(0)  = 

Id  o  Appc(Str2Co(t?))  and  for  all  numbers  *,  r(t)  '[7]  7^[r(*  + 

■  Co2Str  is  correct.  Co2Str(t?)(*^  =  <7(t)  for  all  numbers  t. 

[See  §rV.6  for  the  definition  of  streams  and  related  concepts.] 
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We  now  return  to  the  world  of  tree-structured  computation  to  study  a  class 
of  relations  called  comparison  relations.  These  allow  one  to  compare  one  pfn  to 
another  or,  more  generally,  to  compare  dtrees  or  forms,  selectively  forgetting  some 
details  of  the  computations  described  while  preserving  the  applicative  structure 
and  the  evaluation  relation.  In  particular,  comparable  dtrees,  when  defined,  have 
comparable  values,  and  comparable  pfns  applied  to  comparable  values  are  compa¬ 
rable  dtrees. 

There  are  several  reasons  for  developing  a  theory  of  comparison  relations. 
One  reason  is  to  satisfy  a  purely  mathematical  curiosity  as  to  what  meaningful 
notions  of  comparison  exist,  what  the  structure  of  this  class  of  relations  is,  and 
what  ‘equations’  and  ‘approximations’  hold  for  particular  comparison  relations.  A 
paradigm  for  this  work  is  the  elegant  equational  theory  developed  for  LAMBDA 
by  Scott  [1976].  Another  reason  for  studying  comparisons  is  to  develop  a  richer 
language  and  more  powerful  tools  for  stating  and  proving  properties  of  pfns,  and 
to  build  a  foundation  on  which  to  develop  a  theory  of  program  specifications  and 
transformations  in  Jium.  For  more  specific  motivations,  consider  the  following 
questions. 

■  In  what  useful  senses  can  equations  such  as  F(x)  ^  f  characterize  a  pfn  F  in 
the  case  that  F  does  not  appear  free  in  f?  Recall  that  such  equations  hold  for 
the  algebraic  combinator  pfns. 

•  Are  there  equivalence  relations  closed  under  substitution?  Note  that  for 
substitution  is  limited  to  positions  that  are  evaluated  or  eliminated  in  the 
course  of  a  computation,  since  otherwise  substituted  forms  may  return  sub¬ 
stituted,  non-equal  values. 

■  Are  there  comparisons  closed  under  abstraction?  If  fo  ~  fi  and  s  is  a  free- 
variable  then  A(s)fo  —  A(«)fi? 

■  The  Rum  recursion  theorem  (§IV.4)  together  with  computation  induction 
allows  us  to  prove  many  induction  schemes  derived  from  the  least  fixed  point 
theorem  for  the  graph  model  of  the  lambda  calculus,  but  does  not  capture 
the  full  power  of  this  theorem.  Is  there  a  partial  ordering  on  pfns  such  that 
Rec  computes  the  least  fixed  point  with  respect  to  this  ordering? 

■  What  characterizes  the  recursion  pfn?  Are  there  other  recursion  pfns? 
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■  Can  parameters  be  moved  across  the  recursion  boundary  in  general?  (see 
§IV.4) 

•  Intuitively  Rum  pfns  are  extensional  in  the  sense  that  they  can  only  be  applied, 
bound  in  environments  or  returned  as  values.  Further,  we  have  claimed  that 
pfns  are  descriptions  of  partial  functions.  If  pfns  describe  partial  functions, 
then  there  must  be  an  equivalence  relation  — ■  on  the  computation  domain 
satisfying  (Vt;)(v3o^t^  ~  'Po  As  demonstrated  by  the  non- 

extensional  theories  of  Feferman  [1975]  (see  §1.5),  such  equivalence  relations 
may  not  exist  in  general. 

■  Note  that  there  are  pfns  tp  that  satisfy  the  self  property,  tp' v  ip.  One 
example  is  the  pfn  Self  =  Rec(K).  Do  all  pfns  that  satisfy  the  self  property 
compute  the  same  function? 

The  comparison  relations  on  dtrees  are  defined  in  §1  and  additional  conditions 
characterizing  special  kinds  of  comparisons  are  defined.  Each  comparison  on  dtrees 
induces  a  natural  comparison  on  values  and  environments.  In  general  comparison 
relations  are  approximation  relations  —  since  undefined  dtrees  may  be  compared 
to  defined  dtrees  and  hence  for  comparable  pfns,  the  domain  of  definition  of  one 
pfn  may  be  a  proper  subset  of  the  domain  of  definition  of  the  other.  An  important 
subclass  of  compairisons  are  the  invertible  relations  for  which  comparable  dtrees 
are  equi-defined  and  comparable  pfns  have  the  same  domain  of  definition.  Basic 
results  about  the  structure  of  the  set  of  comparisons  relations  are  given  including 
results  about  the  preservation  of  operations  on  and  properties  of  comparisons  by 
algebraic  operations  such  as  intersection  and  transitive  closure. 

Comparison  relations  form  a  rich  hierarchy.  At  the  extremes  are  equality  and 
the  maximum  comparison  C.  Equality  in  Rum  is  the  finest  grained  comparison, 
and  corresponds  to  forgetting  nothing.  C  corresponds  to  forgetting  all  the  details 
of  computation  and  is  analogous  to  the  partial  ordering  induced  by  the  graph  model 
on  expressions  of  LAMBDA  (Scott  [1976]).  The  intersection  of  C  with  its  inverse 
is  =,  the  maximum  symmetric  comparison.  In  §2  we  study  the  relations  C  and  =. 
The  main  results  are  the  extensionality  of  C  and  =,  a  characterization  of  recursion 
pfns,  and  the  C-minimality  of  the  fixed  point  computed  by  Rec.  Some  laws  for  = 
expressed  in  the  language  of  forms  are  given  together  with  an  example  derivation 
using  these  laws.  This  is  a  small  step  towards  developing  a  .Kum-calculus.  In  §3 
an  operation  extending  a  comparison  to  contain  a  given  pfn  relation  is  defined  and 
conditions  are  given  under  which  the  extension  is  guaranteed  to  be  a  comparison. 
The  main  application  of  this  extension  operation  is  to  prove  that  a  given  pfn 
relation  is  contained  in  the  maximum  comparison  or  the  maximum  equivalence. 
We  use  this  technique  to  prove  the  extensionality  and  fixed  point  theorems  stated 
in  §2.  In  §4  an  operation  extending  a  comparison  to  contain  a  given  dtree  relation 
is  defined  and  conditions  are  given  under  which  the  extension  is  guaranteed  to  be 
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a  comparison.  Use  of  this  operation  is  illustrated  by  defining  a  several  classes  of 
comparisons  including  comparisons  generated  by  partial  evaluation,  let-conversion, 
and  normalizing  operations  on  nested  if-  and  cart-  forms. 


VI.l.  Comparisons  and  closure  conditions 

The  work  on  comparisons  is  carried  out  in  i-Zum.  Thus  Dt  means  t-Dt  and 
D  ranges  over  t-Dt,  etc.  For  this  chapter  “dtree  relation”  means  a  binary  relation 
on  closure  dtrees,  and  unless  otherwise  mentioned,  dtree  will  mean  closure  dtree. 
p  and  X  range  over  dtree  relations  and  F  ranges  over  non-empty  sets  of  dtree 
relations.  p=  will  be  used  to  denote  the  equality  relation  on  closure  dtrees.  We 
use  standard  notions  and  operations  for  binary  relations  as  summarized  in  §111.7. 
For  the  readers  convenience  we  recall  two  not  so  standard  operations  that  we  will 
make  frequent  use  of:  transitive  union  (WF)  and  inversion  closure  (p~).  Transitive 
union  of  a  set  of  relations  is  the  transitive  reflexive  closure  of  the  union  over  the 
set,  and  inversion  closure  of  a  relation  is  the  intersection  of  the  relation  with  its 
inverse. 

Before  proceeding  we  introduce  some  additional  notation  for  closure  dtrees 
that  will  simplify  discussion  of  dtree  relations.  Full  details  are  given  in  Appendix  A. 
For  non-binding  constructs,  we  use  dtree  construction  notation  paralleling  the 
form  construction  notation.  For  example,  if  5o  =  (fo  I  0  and  Dj  =  (fi  I  then 
app(llo,^i)  =  (app(fo,fi)  I  0*  Value  dtrees  (x  I  x-<-  u)  are  abbreviated  as  <y.  To 
express  abstraction  and  substitution  we  extend  the  construction  of  closure  dtrees 
to  include  dtree  contexts.  A  dtree  context  is  a  closure  dtree  with  some  holes  -  some 
nodes  where  there  are  place  holders  rather  than  dtrees.  We  write  ?>{...}  to  indicate 
a  dtree  context.  The  substitution  of  ZIq  in  a  context  D{. . (written  t>{5o}),  is  the 
dtree  obtained  by  putting  in  each  of  the  holes.  The  abstraction  of  a  context 
?){. . (written  AJ>{. . .}),  is  the  dtree  obtained  by  replacing  the  holes  with  binding 
pointers  to  the  outer  A.  An  n-ary  dtree  context  is  a  dtree  context  where  the  holes 
have  been  partitioned  into  n  classes  -  say  by  labeling  them  with  numbers  from 
1  to  n.  Substitution  and  abstraction  generalize  in  the  obvious  manner  to  n-ary 
dtree  contexts,  with  abstraction  referring  to  the  first  class  of  holes,  the  second 
class  becoming  the  first  remaining  class,  etc.  One  can  think  of  dtree  contexts  as 
being  given  by  a  form,  an  environment  and  a  list  of  variables  to  be  held  free.  Only 
free  symbols  in  the  form  which  are  not  in  the  free  list  will  become  value  nodes. 
The  symbols  held  free  can  be  thought  of  as  marking  the  holes  and  partitioning 
them  into  classes,  one  for  each  symbol  with  the  ordering  given  by  the  list. 
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VT.l.l.  Dtree  comparisons 

The  basic  comparisons  are  dtree  comparisons.  Everything  else  is  derived 
naturally  from  this  class  of  relations.  We  begin  by  defining  the  extension  of  a  dtree 
relation  to  values  and  environments  and  the  evaluation  closure  operations  on  dtree 
relations.  These  are  useful  operations  for  expressing  properties  of  dtree  relations. 
We  then  define  the  general  notions  of  comparison  and  invertible  compairison. 

>  The  extension  of  a  dtree  relation  to  values  and  environments.  Since 
we  view  pfns  2is  A-dtrees,  each  dtree  relation  determines  a  natural  relation  on  pfns, 
namely  the  restriction  to  pfns.  We  write  p  [P]  for  the  restriction  of  p  to  pfns. 

^0  p[P]  =  ^0  €  P  A  €  P  hlio  plii 

df 

Since  we  are  interested  in  the  structure  of  computation  and  wish  to  maintain 
uniformity  over  the  given  data  structure,  we  require  that  value  comparisons  restrict 
to  equality  on  data  and  data  operations  and  that  sequences  and  environments  are 
compzu-ed  component  wise.  Thxis,  a  dtree  relation  p  has  a  unique  extension  to 
values  and  environments,  which  we  also  denote  by  p. 

u  p  V  =  |u|  =  lul  A  (Vt  <  |u|)(uj.,-  =  vli  V  uj,  p[P]  wj.,) 
df 

fi  =  (v.)(fo(»)  p  ei(«)) 

di 

>  Evaluation  closure  operations.  Evaluation  closure  of  a  dtree  relation  re¬ 
lates  two  dtrees  when  they  are  both  defined  and  have  related  values.  There  are 
two  possibilities  for  the  case  that  the  first  dtree  is  undefined.  For  approximation 
relations  the  evaluation  closure  relates  zm  undefined  dtree  to  any  other.  For  in¬ 
vertible  relations  we  require  that  the  second  dtree  be  undefined  also.  For  a  dtree 
relation  p,  the  evaluation  closure  of  p,  (written  p),  and  the  invertible  evaluation 

closure  of  p,  (written  p*),  are  defined  as  follows. 

Uo  P  ^>1  =  >  (Buoj  vi)(wo  p  vi  A  5o  Vo  A  i)i  vi) 

df 

df 

>  Dtree  comparison  relations.  A  dtree  comparison  is  a  reflexive  transitive 
dtree  relation  that  is  a  subrelation  of  its  evaluation  closure  (C®(p))  and  closed 
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under  application  {C'^[p)).  C  is  the  set  of  dtree  comparisons. 
pec  =  C‘{p)  A 

df 

where 

C’{p)f,pcp 

C®(/»)  =  {'^<Po,<Pl,Vo,Vi){(po  P<Pl  Avopvi  {<Po'vo)  p  {(pi'vi)) 
df 

■  Substitution  of  values.  The  point  of  requiring  closure  under  application  in 
the  definition  of  comparison  relation  is  to  insure  that  a  comparison  is  closed  under 
substitutions  of  comparable  values.  For  any  n-ary  dtree  context  5{. . 

p€C  A  Uo,l  P  Ui,i  A  ...  A  Uo.n  P  Ul,n  “+  •  •  •  <«0,n}  P  •  •  •  <«l,n} 

Expressed  in  terms  of  forms  closed  in  related  environments  this  becomes. 

pec  A  ioPCi  (f  I  eo)p(f  I  6) 

▻  Invertible  comparisons.  An  invertible  comparison  is  a  comparison  whose 
inverse  is  also  a  comparison.  Ci  denotes  the  set  of  invertible  comparisons. 

peCi  =  peC  A  p~  eC 

df 

Examples.  Two  familiar  dtree  relations,  dtree  equality  {p-)  and  ctree  equiva¬ 
lence  (^)  2U'e  easily  seen  to  be  comparisons.  In  fact  both  are  symmetric  and  hence 
invertible.  Since  comparisons  are  reflexive,  dtree  equality  is  a  subrelation  of  every 

comparison,  i.e.  it  is  the  minimal  comparison.  Note  also  that  ^ 

VI.1.2.  About  evaluation  closure 

The  following  zire  simple  but  useful  consequences  of  the  definitions  of  the 
extension  of  dtree  relations  to  values,  the  evaluation  closure  operations,  and  com¬ 
parisons.  We  will  refer  to  these  facts  as  “basic  properties  of  evaluation  closure” . 

■  The  evaluation  closure  operations  are  monotonic  and  fix  the  pfn  component  of 
a  relation. 
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■  The  [invertible]  evaluation  closure  of  a  relation  is  determined  by  its  restriction 
to  pfns  and  hence  the  evaluation  closure  operations  are  idempotent. 

-  -»•  - * 

/)  =  pCP3  and  p  =p[P3 

— i 

p  =  p  and  p*  =  p* 

■  The  invertible  evaluation  closure  of  a  relation  is  the  intersection  of  the  evalua¬ 
tion  closure  of  the  relation  with  the  inverse  of  the  evaluation  closure  of  its  inverse. 

'p  =pn  {p~)~ 

■  The  [invertible]  evaluation  closure  of  a[n  invertible]  comparison  p  is  a[n  invert¬ 
ible]  comparison.  It  is  the  maximum  [invertible]  comparison  whose  restriction  to 
pfns  is  the  restriction  of  p  to  pfns. 

p  €.  C  —^p€.C  and  p  ^  C\  p^  &  Ci 

po  e  C  A  Pi  e  C  A  po[P}  =  Pi  [P]  Pi  C  ^ 

Po  €  Ci  A  Pi  G  Ci  A  poCP]  =  Pi  [P]  -♦  Pi  C 

VI.  1.3.  Closure  conditions  for  comparisons 

We  now  define  three  closure  conditions  for  dtree  relations:  evaluation-closed, 
extensionally-closed,  and  substitution-closed.  These  closure  conditions  serve  to 
identify  additional  interesting  sets  of  dtree  comparisons.  We  give  four  simple  com¬ 
parisons  to  demonstrate  that  for  each  closure  condition  there  are  comparisons 
which  satisfy  it  and  comparisons  which  fail  to  satisfy  it.  We  show  that  the  evalua¬ 
tion  closure  operation  on  comparisons  is  (as  the  name  implies)  a  closure  operation 
for  the  evaluation  closure  condition  —  the  evaluation  closure  of  a  comparison  is 
the  least  evaluation-closed  comparison  containing  the  given  comparison.  We  will 
see  later  that  there  are  also  closure  operations  for  the  dtree  substitution  and  ex- 
tensional  closure  conditions.  Finally  we  show  that  the  evaluation  closure  together 
with  extensional  closure  imply  substitution  closure. 

>  Evaluation-closed.  A  dtree  relation  p  is  [invertible]  evaluation-closed  if  it 
contains  its  [invertible]  evaluation  closure. 
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>  Extensionally-closed.  A  dtree  relation  is  extensionally-closed  if  two  pfns  that 
give  related  dtrees  when  applied  to  any  value  are  related 

Chxt{p)  =  (Vv?o,V?i)((Vt;)(^o'wpv>i'u) 

af 

>  Substitution-closed.  A  dtree  relation  is  substitution-closed  if  substitution  of 
related  dtrees  into  a  dtree  context  gives  related  dtrees. 

Cli,uUt{p)  = 

df 


■  Examples  of  closure  and  non-closure.  Let  po  =  pi  =  and  p2  = 
p=  U  {((x  I  x-<-  t;),{l(x)  I  x-<-  u))}.  Then  p=,  po,  pi,  and  p2  are  comparisons  and 
we  have 


-'Clevip=) 

-'Clier,{p=) 

^  ^  dtubat{p=) 

Clext{p=) 


Clev{Po) 

(po) 

~’C^ld«u6«t(Po) 

-'ClextiPo) 


~'Clev{Pl) 

ClieviPl) 

"^CldeubBti^Pl) 

-'ClextiPl) 


CltviPl) 

'Cliev{P2) 

'^^dstibsti^Pi) 

Clext{P2) 


■  The  evaluation  closure  is  evaluation-closed.  From  the  basic  evaluation 
closure  properties  we  see  that  if  p  is  a  comparison  then  the  evaluation  closure 
is  the  least  evaluation-closed  comparison  containing  p.  Similarly  for  invertible 
comparisons  and  invertible  evaluation  closure. 

pGC  — *^pGC  A  C/ev(p)  and  p  C  po  G  C  A  C/ev(^)  —^pCpo 
p  G  Ci  — >  p  G  Ci  A  Cliev{p  )  and  P  C  po  G  Ci  A  Cliefj(^po  )  — >  p  C  Po 


■  Non-independence  for  closure  conditions.  A  dtree  comparison  that  is 
evaluation-closed  and  extensionally-closed  is  also  substitution-closed.  Similarly 
for  the  invertible  case. 

P  G  C  A  C7/ev(p)  A  Clext{p)  *'  ^^daubat{,P'} 

P  ^  C'l  A  Cliev{p'}  A  Clexti^p)  ^  ^^daubati.p') 

Proof:  by  induction  on  the  structure  of  dtree  contexts,  using  the  definitions  of 
evaluation,  comparison  and  of  the  closure  conditions. 
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VI.1.4.  Algebraic  operations  on  comparison  relations 

We  will  make  frequent  use  of  algebraic  operations  on  relations  and  sets  of  rela¬ 
tions.  Of  particular  interest  are  transitive  union,  intersection  over  non-empty  sets, 
inversion,  and  inversion  closure.  Note  that  p*  =  W{/)}  so  the  transitive  reflexive 
closure  operation  is  also  covered.  Figure  18  contains  a  summary  of  operations  on 
dtree  relations  that  are  preserved  by  (commute  with)  the  algebraic  operations  and 
a  summary  of  properties  of  dtree  relations  that  are  preserved  by  these  operations. 
For  the  laws  concerning  transitive  union  to  hold  we  must  restrict  the  domain  to 
non-empty  sets  of  reflexive  relations  p  satisfying  C*.  This  is  not  a  serious  re¬ 
striction  as  it  includes  the  intended  domains  of  application.  The  commuting  and 
preservation  laws  are  mainly  a  direct  consequence  of  the  definitions  involved.  We 
will  prove  some  of  the  laws  for  transitive  union  to  illustrate  how  the  proofs  go  in 
general. 


Operation 

Preserved  by^ 

Remarks 

p[p] 

w,  n,-,~ 

p 

w,  n 

=  i7r 

7 

w,  n,-,~ 

Property 

Preserved  by 

Remarks 

« 

II 

w,n,-,~ 

C*  not  needed 

C‘(P) 

w,n,~ 

pc7 

w,  n,-,~ 

C'ip) 

w,  n,-,~ 

peC 

w,  n,~ 

p  ^  C  — ►  p'^  G  Ci 

peCi 

ttf,  n,-,~ 

Ch^p) 

tt),  n,~ 

Clevip)  Clievip^ 

Cli,.{p) 

w,  n,-,~ 

CleM 

n,',~ 

w,  n,-,~ 

C®  not  needed 

^  r  non-empty;  W  restricted  to  F  such  that  p  E.T  —*  p-  d  p  A  C\p) 


Figure  18.  Preservation  of  comparison  operations  and  properties 
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First,  to  maJce  the  content  of  this  summary  clear  we  give  the  reading  of  the 
entries  for  evaluation  closure  and  for  comparisons.  The  entry  for  evaluation  closure 
is  an  abbreviation  for  the  following  three  statements. 

(Vp  G  r)(p=  c  p  A  c*(p)  wr  =  wr) 
nr  =  nr 

(p)~  =  (p‘r 


The  entry  for  comparisons  is  an  abbreviation  for  the  following  three  statements. 

r  c  c  wr  G  c 
r  c  c  nr  G  c 

p  G  C  — p~  G  Ci 
Proofs  for  transitive  union. 

The  proofs  generally  have  the  form  of  a  chain  of  equivalences  or  implications. 
The  justification  for  a  step  is  given  in  small  print  to  the  side  or  below  the  deduced 
formula  and  is  preceded  by  the  sign  X. 

We  first  prove  the  commuting  laws  for  transitive  union.  The  key  is  commuting 
with  the  restriction  to  pfns.  The  requirement  that  r  satisfy  p  G  r  —*■  C*(p)  is 
essential  here.  Commuting  with  the  restriction  to  pfns  and  requirement  that  T 
satisfy  p  G  r  —^  pz=Gp  are  needed  to  prove  commuting  with  the  extension  to 
values.  In  turn  commuting  with  the  restriction  to  pfns  and  the  extension  to  values 
are  essential  in  proving  the  remaining  preservation  laws. 

■  Commuting  laws  for  transitive  union.  Let  F  be  a  non-empty  set  of  reflexive 
relations  that  satisfy  C®.  Then 

(i)  (wr)[P]  =  w(r[P]) 

(ii)  Wo  WF  wi  (3/:)(3{pi  ...pk}  C  F)(3uo  ...  Uk)(wo  =  uo  Pi  . ..  Pk  «k  =  vi) 

(iii)  ^  =  WF 

(iv)  Wf’  =  WF* 
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Proof{i): 

Oa  (wr)  CP]  Db 

t>a€PADbePA 

(3fc)(3{po . . .  Pk}  C  r)(3Do  =  3a . .  .3k+i  =  3b)(Vt  <  fc)(3i  pi  3i+i) 

X  definition  of  transitive  union  and  restriction  to  pfns 

X-.  (3fc)(3{po . . .  Pk}  C  r)(33o  =  3a . .  .3k+i  =  3b)(Vt  <  k){h  Pi  CP]  3i+i) 

X  since  po  and  pi  satisfy  C*  we  have  <pQ  po  3  pi  pi  — +  (3v?)(iPo  Po  <p  pi  iPi) 
3a  tt)(r  [P] )  3b  X  definition  of  transitive  union 
Q 

Proof(ii): 

Wo  WP  Vi 

Ivol  =  Ivil  A  (Vt  <  |vol)(t;oii  =  Vij.,- V  voit(wr)[P]  uiit) 

X  definition  of  canonical  extension  to  values 

|t;ol  =  lwil  A  (Vt  <  luol)(woi»  =  V  uoit  W(r[P])  viit) 

X  by  (i) 

X-+  (3fc)(3{pi . , .  Pk}  C  r)(3uo . . .  Uk)(vo  =  uo  Pi  . . .  Pk  «k  =  vi) 

X  reflexivity 
Qi 

Proof(iii): 

3a  W  r3b 

^  (3fc)(3{po . . . Pk)  C  r)(33o  =  3a . . .3k+i  =  3b)(Vt  <  k){h 

X  definition  of  transitive  union 

3a  Wa  — (3*:)(3{po  •  •  -  Pk}  C  r)(3vo  =  Wa  •  •  •  Wk+l) 

(3b  Wk+i  A  (Vt  <  *:)(i;i  p*,  Wi+i)) 

%  definition  of  evaluation  closure 

3a  Wa  (3vb)(wa  WP  Wb  A  3b  Wb)  %  using  (ii) 

■«->  3a  WP  3b  X  definition  of  evaluation  closure 
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Proof  (iv): 

Da  W  r  5b 

^  (3/:)(3{po...Pk}  C  r)(3Do  =Da...Dk+i  =Db)(Vt  <  k){h  pCh+i) 

X  definition  of  transitive  union 

*->■  (3A:)(3{po---Pk}  C  r)(3Do  =Da...Dic+i  =Db) 

(W®.  «  vnb)  A  (v.-<*)(i>i?rsi+.)) 

X  definition  of  invertible  evaluation  closure 

(-I^Da  •«-+  -ll^Db)  A  Da  W  r  Db  X  definition  of  transitive  union 
^  A  Da  WF  Db  X  by  (iii) 

^  Da  WF  Db  X  definition  of  invertible  evaluation  closure 

Div 


Now  we  are  ready  to  prove  the  preservation  laws.  We  will  consider  only  those 
laws  leading  up  to  the  preservation  of  comparisons  and  evaluation  closure.  The 
corresponding  results  for  the  invertible  case  are  proved  by  replacing  evaluation 
closure  by  invertible  evaluation  closure.  Preservation  of  substitution-closure  by 
transitive  union  (of  any  non-empty  set  of  relations)  is  a  trivial  consequence  of  the 
definitions.  Here  we  will  be  briefer,  omitting  justifications  such  as  “  by  definition 
of  transitive  union”. 

■  Preservation  laws  for  transitive  union.  Let  F  be  a  non-empty  set  of 
reflexive  relations  satisfying  C®.  Then 


(v)  WF  C  WF 

(vi)  C‘*(F)  C“(WF) 

(vii)  F  C  C  WF  €  C 

(viii)  Clev{T)  C/ev(WF) 
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Proof(v): 
i>a  wr  db 

(3fc)(3{po . .  .Pk}  c  T){30o  =  . .  .^k+i  =  ^b)(Vt  <  k){lfi  pi  7>i+i) 
i3k){3{po . .  .Pk}  C  r)(35o  =  . .  .t>k+i  =  i>b)(Vt  <  k){di  ^ h+i) 

X  since  pET  —*■  p  Cp. 

— >  5a  W  r  5b 

—>  5a  wr  5b  %  by  (iii) 

□v 

Proof(vi):  Assume  ^“(r) 

V?a  y?b  A  Ua  wr  ttb 

(3A:)(3{po...pk+m+i}  C  r) 

{3<Po  =  .  <Pk+l  =  ^b«0  =  Ua  . . .  Um+1  =  Ub) 

((Vt  <  k)  {<pi '  tto  Pi  <pi+i  *  Uo)  A 
(Vt  <  m)(<pk+i'ui  Pi+k+i  ¥?k+i'“i+i)) 

X  by  (i),(ii),  and  C“(r) 

-*  V^a^Ua  Wr  V^b^Ub 
Dll* 

Proof(vii):  by  (v)  and  (vi)  since  the  transitive  union  of  a  set  is  by  definition 

reflexive  and  transitive. 

Proof(viii);  Assume  Cle„{T) 

5a  Wr  5b 

^  5a  W  r  5b  %  by  (iii) 

^  (3fc)(3{po...Pk}cr)(35o  =  5a...5k+i  =  5b)(Vt  <  fc)(5i  ^5i+i) 

->  (3A:)(3{po . .  .Pk}  C  r)(35o  =  5a . .  .5k+i  =  5b)(Vt  <  k){h  Pi  5i+i) 

X  evaluation  closure  of  F 
^  5a  wr  5b 

Dviii 
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VI. 2.  The  maximum  comparisons 

An  important  consequence  of  the  closure  of  comparison  relations  under  tran¬ 
sitive  union  is  the  existence  of  maximum  comparisons.  We  define  three  relations: 
C,  the  maximum  element  of  C,  the  inverse  of  C,  and  =,  the  intersection  of  □ 
and  its  inverse. 

>  The  maximum  comparisons. 

C  =  WC 

“  df 

□  =  C" 

“  df  “ 

^  =  cnD 

df  “  “ 

The  following  are  a  few  facts  about  the  maximum  comparisons. 

■  Maximality.  By  the  preservation  laws  for  algebraic  operations  (Figure  18)  C 
is  the  maximum  comparison  and  =  is  the  maximum  invertible  comparison. 

CgC  and  />  €  C  p  C  C 

^eCi  and  ^  and  p  6  C;  p  C  = 

■  Evaluation  closure.  By  basic  properties  of  evaluation  closure  □  is  evaluation- 
closed  and  =  is  invertible  evaluation-closed. 

Q  =  n  and  ^ 


The  next  two  facts  illustrate  that  the  maximum  comparisons  are  non-trivial 
in  the  sense  that  they  do  not  relate  too  many  pfns. 

■  Non-triviality  1.  Let  Bot  be  Rec(A(f,  x)f(x))  a  pfn  that  is  everywhere  unde¬ 
fined.  Then  Bot  C-approximates  every  pfn,  and  no  pfn  with  non-empty  domain 
□-approximates  Bot. 

Bot  □  (p  and  (3t;)((l-^' v)  ^  g  Bot 

Hence  Bot  is  not  =-equivalent  to  any  pfn  with  a  non-empty  domain  of  definition. 

■  Non-triviality  2.  Define  the  numeral  sequence  Nu{n)  by  JVu(O)  =  □  and 
Nu,{n  -1- 1)  =  K[Nu{n)).  Then  no  element  of  the  sequence  Nu  is  =-equivalent  to 
any  other  element. 

m  <n  ^  Nu{m)  ^  JVu(n) 
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We  prove  this  to  give  an  idea  of  one  sort  of  argument  used  to  prove  non-equivalence. 
The  proof  is  by  induction  on  m.  For  n  >  0,  Nu{n)  ^  JVu(O)  since  Nu[n)  is  a 
pfn  and,  by  definition  of  the  extension  of  dtree  relation  to  values,  no  pfn  is  =- 
equivalent  to  the  empty  sequence.  For  0  <  m  <  n  assume  JV(m  —  1)  ^  Nu{n  —  1). 
If  Nu{m)  =  Nu{n)  then  Nu{m)'a  =  iVu(n)'o  by  definition  of  comparison.  But 
Nu{m)  'o  iVu(m  — 1)  and  Nu{n)  'a  ^  Nu{n—1)  so  by  definition  of  comparison 
N{m  -  1)  =  Nu{n  -  1)  □. 

■  Extensionality  Theorem  C  and  =  are  extensionally  closed. 

(ext.C)  {Vt;)(v?o^  V  E  ^  <Po^V>i) 

(ext.=)  (Vt;){v?o^ V  —  <po  =  (pi) 

(ext.C)  is  proved  in  §3  after  some  general  tools  are  developed.  (ext.=)  is  an 
immediate  consequence  of  (ext.C),  the  preservation  laws,  and  the  definition  of  = 
as  the  intersection  of  C  zmd  its  inverse. 

■  Corollary.  By  the  non-independence  lemma  C  and  =  are  substitution-closed. 

(E)  and  ) 


VI.2.1.  Pfns  as  partial  functions 

Since  =  is  extensional,  pfns  can  be  interpreted  as  partial  functions  on  the 
computation  domain  modulo  =.  For  any  Rum  domain  A  and  any  element  a  of  A, 
[Ajef  denotes  the  set  of  equivalence  classes  of  A  modulo  =  and  [ajef  denotes  the 
equivalence  class  containing  a.  For  each  pfn  (p  we  define  a  partial  function  {^}s{ 
on 

(fun)  [uje^  =  (3uo  =  v  uq) 

df 

Using  properties  of  symmetric  comparisons  it  is  easy  to  see  that  (fun)  does  indeed 
determine  a  partial  function  on  [V*Js-  We  call  {^}sf  the  function  computed  by 
(p.  Extensionality  of  =  implies  that  two  pfns  compute  the  same  function  iff  they 
are  =-equivalent.  Thus  is  a  subset  of  [V*Je^  which  is  isomorphic  to  a  partial 

function  space  on  [V*J^.  Furthermore  [V*Je;  contains  an  isomorphic  copy  of  the 
given  data  structure  ^D,  and  [PJ  ^  has  all  the  closure  properties  needed  for  a  theory 
of  computable  partial  functions  over  T),  including  computable  functions  of  higher 
types. 


^  Here  we  are  again  using  braices  according  to  the  notation  of  Kleene  [1952].  Context  will 
distinguish  between  the  use  of  braces  in  this  sense  and  our  normal  use  as  readability 
braces  around  function  expressions. 
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This  interpretation  of  pfns  justifies  the  description  of  pfns  as  partial  functions 
that  contain  information  about  how  they  are  to  be  computed.  It  also  allows  us 
to  use  the  usual  tools  for  reasoning  about  partial  functions  (i.e.  about  functional 
binary  relations)  when  working  modulo  =.  Two  simple  examples  are  the  laws  for 
identity  and  composition,  and  the  uniqueness  of  the  “bottom”  pfn. 

■  Laws  for  identity  and  composition.  The  laws  for  I  and  o  given  in  §IV.4 
show  that  I  computes  the  identity  function  and  that  o  computes  the  composition 
functional.^  It  follows  that  I  and  o  satisfy  the  laws  for  a  monoid.  Namely,  I  is  the 
right  and  left  identity  for  composition  and  composition  is  associative. 

I  od  S  t?  ^  do  I 
(do  o  di)  o  dj  =  do  o  (t?i  o  1^2) 

■  Uniqueness  of  the  bottom  pfn.  There  is  a  unique  partial  function  ±  (bot¬ 
tom)  on  V*  that  is  everywhere  undefined.  The  pfn  Bot  (Rec(A(f,x)f(x)))  is  ev¬ 
erywhere  undefined  and  hence  computes  J_.  Thus,  a  pfn  computes  ±  iff  it  is 
=-equivalent  to  Bot. 

=  J-  ^  =  Bot 


VI.2.2.  The  recursion  theorem  revisited 

Using  the  maximum  comparison  we  give  a  strengthened  version  of  the  recur¬ 
sion  theorem  and  two  consequences  -  uniqueness  of  the  recursion  pfn  and  a  general 
result  for  recursion  with  parameters. 

>  Recursion  pfns.  We  say  that  a  pfn  v?rec  is  a  recursion  pfn  if  it  satisfies  the 
following  computational  laws. 

(rec.pfnl)  <prec  €  Pfnl 

(rec.subc)  (Vd  €  P/n/)(d'(v?rec(t?))  -c  V?rec(t?)  '  t;) 

(rec.redt)  (Vd  €  Pfnl)  (v?rec(t?) '  v  t?(v?rec(<?)) '  v) 

Note  that  these  are  just  the  laws  given  for  Rec  in  §IV.4,  hence  Rec  is  a  recursion 
pfn. 

■  Improved  Recursion  theorem.  If  v?rec  is  a  recursion  pfn  then  for  any  pfnl 
d,  (prec  computes  the  least  fixed  point  of  d. 

(rec.fix)  ¥>rec(t>)  =  d(v?rec(l?)) 

(rec.min)  t?(¥?)  Q  <p  —*  V?rec('?)  E  P 


^  Recall,  I  is  defined  as  A(x)x  and  o  is  infix  notation  for  B  which  defined  as  A(f,  0,  x)f  (g(x)). 
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By  the  definition  of  recursion  pfn  (preci^)  ^  ^(PrecW)  aind  (rec.fix)  follows  by 
..*-;.linality  of  =.  (rec.min)  is  a  consequence  of  maximality  and  will  be  proved  in 
§3.  To  see  that  in  general  the  least  fixed  point  of  a  pfnl  is  not  the  only  fixed  point 
consider  the  pfn  A(f,x)f(x).  Every  pfn  satisfies  A(f,x)f(x)(^)  =  p,  but  the  least 
fixed  point  Bot  is  everywhere  undefined. 

■  Uniqueness  of  Rec.  If  Prec  is  a  recursion  pfn,  Prec  is  =-equivalent  to  Rec  on 
pfnls. 

t?  G  P/nl  -*  Rec(t?)  =  V?rec(t?) 

This  follows  from  the  improved  recursion  theorem.  More  generally  for  any  pfns  Pr,o 
and  pr,i  satisfying  (rec.fix)  and  (rec.min)  and  any  pfnl  ^  we  have  t?(v?rj(t?))  — 
¥?rj(»?)  for  J  =0,1  by  (rec.fix).  ^r,i(’?)  E  ^r,o(t?)  by  (rec.min)  for  v?r,i  and 
Pr,o(^)  E  V’r,i(<?)  by  (rec.min)  for  Pr,o-  Hence  v?r,o('?)  —  V’r,i(<?)  as  required. 

■  Parameterized  Recursion.  In  §IV.4  we  showed  how  certain  forms  of  recursion 
with  parameters  can  described  by  treating  the  parameter  as  an  argument  or  by 
carrying  the  parameter  in  the  environment  of  a  recursively  defined  pfn.  This  fact 
is  an  instance  of  a  general  result  about  the  equivalence  of  alternative  descriptions 
of  recursion  with  parameters. 

(param)  Rec(A(h,x,z)g(x,h(x),z))  S  A(x)Rec(A(f,z)g(x,f,z)) 

(param)  is  the  JZum  analog  of  equation  (2.28)  Scott  [1976]  and  is  proved  in  the  same 
manner  using  the  improved  recursion  theorem  and  the  extensionality  theorem. 

Alternative  description  of  recursion. 

Our  definition  of  Rec  was  derived  by  unwinding  (i.e.  extracting  the  lambda 
expression  implicit  in)  Kleene’s  proof  of  the  2nd  recursion  theorem  (Kleene  [1952]: 
Theorem  XXVII).  An  alternative  “call-by- value”  version  of  the  Y  combinator  CbvY 
is  given  in  Reynolds  [1970]. 

>  Y2  ^  A(h)A(x)h(h,x) 

>  Y1  ^  A(f)A(h)f(Y2(h)) 

>  CbvY  ^  A(f)Yl(f,Yl(f)) 

■  For  pfnls  t?,  .([CbvY't?  and  CbvY(t?)  S  Rec(t>). 

Proof:  We  show  that  CbvY  is  essentially  a  recursion  pfn.  Assume  t?  is  a  pfnl. 

We  claim  (i)  CbvY't?  r?(Y2(Yl(i?)))  and  (ii)  A(f)Y2(Yl(f))  is  a  recursion  pfn. 
Then  by  the  improved  recursion  theorem  and  evaluation  closure  of  = 

CbvY(t?)  ^  t?(Y2(Yl(t?)))  =  Y2(Y1(t?))  =  Rec(t?) 

as  required,  (i)  and  (ii)  follow  directly  from  the  definitions  with  a  little  computa¬ 
tion.  □ 
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VI. 2. 3.  Towards  a  Rum  calculus 

The  maximum  equivalence  satisfies  many  laws  expressed  as  an  equational 
theory  in  the  language  of  forms.  These  include  the  laws  of  the  Lambda-v  calculus 
(Plotkin  [1975]).  We  list  some  of  the  laws  for  =  below  and  illustrate  their  use 
in  proving  equations  by  proving  the  equivalence  of  alternative  descriptions  of  the 
until-loop  functional. 

■  Laws  for  =. 

(if.if)  if(if(fo,fl,f2),f3,f4)  =  if(fo,if(fl,f3,f4),if(f2,f3,f4)) 

(if.app)  f(if(fo,fi,f2))  =  if(fo,f(fi),f(f2)) 

(if.or)  if(or(fo,fi),f2,f3)  =  if(fo,f2,if(fi,f2,f3)) 

(let.cnv)  let{s  fo}f  = 

(let.perm)  let{so  ■<-  let{5i  —  let{si  fi}let{5o  fo}f 

X  «i  not  free  in  f 

(cart.id)  cart(f,  mt)  =  cart(mt,f)  =  f 

(cart.assoc)  cart(cart(fo,fi),f2)  =  cart{fo,cart(fi,f2)) 

(subst)  fo  =  fi  flfo  =  flh 

(abstract)  fo  =  fi  A(s)fo  =  A(s)fi  X  For  «  not  a  global  symbol 

(rec.def)  8{  =  Rec(A(5f)A(si  . . .  Sn)fbody)  —*■  Sf  (si  ■  •  •  «n)  —  fbody 
%  For  «i,. . .  8n  not  global  symbols 

(param)  Rec(A(h,x,z)g(x,h{x),z))  =  A(x)Rec(A(f,z)g(x,f,z)) 

The  laws  involving  the  recursion  pfn  have  already  been  discussed,  (abstract)  is 
just  an  alternative  form  of  (ext).  The  remaining  laws  are  consequences  of  general 
closure  properties  of  =  which  will  be  proved  in  §4.  We  call  the  use  of  (let.cnv) 
to  replace  an  instance  of  the  left-hand  side  by  an  instance  of  the  right-hand  side 
let-elimination.  Use  of  (let.cnv)  in  the  opposite  sense  is  called  let-introduction. 

Alternative  until-loop  constructions. 

To  illustrate  the  use  of  the  parameterization  law  we  derive  the  equivalence  of 
alternative  descriptions  of  the  until-loop  functional  Until  and  Un. 

>  Until  ^  A(p,f)Rec(A(un)A(s)if(p(s),s,un(f(s)))) 

Un  ^  Rec(A(Un)A(p,f,s)if(p(s),s,  Un(p,f,f(s)))) 


> 
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Beginning  with  the  definition  of  Un,  let-introduction  is  used  to  put  the  body  of 
the  definition  in  a  format  that  matches  the  (param)  law.  The  (param)  law  is  then 
applied  followed  by  let-elimination  to  recover  the  original  definition  of  Until. 

Rec(A(Un)A(p,f,x)if(p(x),x,Un(p,f,f(x)))) 

^  Rec(A(Un)A(p,f,x){A(p,f,h,x)if(p(x),x,h(p,f(x)))}(p,f,Un(p,f),x)) 

X  let  introduction 

^  A(p,f)Rec(A(h)A(x){A(p,f,h,x)if(p(x),x,h(f(x)))}(p,f,h,x)) 

X  (param)  with  g  =  A(p,f,h,x)if(p(x),x,h(p,f (x))) 

^  A(p,f)Rec(A(un)A(x)if(p(x),x,un(f(x)))) 

X  let  elimination 

The  laws  for  =  (with  some  additional  laws  for  if-simplification  and  conditional 
substitution)  can  also  be  used  to  formalize  the  derivation  of  the  equation  for  T prodc 
(see  §11.3). 


VI. 2.4.  Remarks 

Towards  a  theory  of  program  transformations.  With  respect  to  develop¬ 
ing  a  theory  of  program  transformations,  the  laws  for  =  give  rise  to  a  rich  collection 
of  transformation  rules.  What  is  needed  is  to  develop  further  principles  such  as 
laws  for  safe  introduction  of  recursion.  One  approach  is  to  try  to  extend  the  notion 
of  computational  progress  (Scherlis  [1980])  to  Rum  in  order  to  obtain  safe  systems 
of  rules  for  deriving  recursive  definitions. 

Another  direction  of  work  is  to  look  for  extensions  of  the  Lambda-v  calcu¬ 
lus  (Plotkin  [1975])  by  adding  laws  for  if,  mt,  cart,  fst,  rst.  Such  added  laws 
should  preserve  the  Church-Rosser  property  and  reflect  adequately  the  intended 
interpretation  of  these  additional  primitives.  This  would  provide  a  richer  base  of 
“syntactically”  generated  equivalence  relations  and  be  a  step  toward  mechanizing 
transformations  or  the  checking  of  validity  of  transformation  steps. 

A  third  direction  of  work  is  to  explore  the  use  of  comparisons  other  than  C 
and  =  to  formulate  soundness  of  transformations  as  well  as  to  express  forms  of 
improvement  made  by  transformations. 

Open  Questions.  We  have  really  just  exposed  the  tip  of  the  iceberg.  There 
are  a  number  of  questions  still  to  be  answered  about  the  maximum  comparisons. 
Some  of  the  open  questions  are: 

-  What  is  the  logical  complexity  of  C  (or  =)? 
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■  Is  C  the  least  comparison  satisfying  extensionality? 

■  Are  the  fixed  points  computed  by  Rec  the  only  uniformly  computable  fixed 
points  of  pfnls  in  J^um?  That  is,  is  there  a  pfnl  v^fix  such  that  for  any  pfnl  t? 
V^fix(t?)  =  t>(v?fix(t?))  but  for  some  pfnl  t?  we  have  v?fix(’?)  ^  Rec(t?)). 

-  C  is  defined  as  the  maximum  approximation  for  a  fixed  but  arbitrary  data 
structure  'D.  Let  Cq  be  the  restriction  of  C  to  the  pure  dtrees  -  dtrees  that 
have  no  occurrences  of  data  or  data  operations.  Is  this  relation  the  same  for 
all  choices  of  !D?  If  not,  how  does  it  depend  on  JD? 


VI.3.  Pfn  extensions  of  comparisons 

Pfn  extensions  provide  a  method  of  extending  a  given  comparison  to  a  com¬ 
parison  containing  a  given  pfn  relation.  This  in  turn  provides  a  method  of  proving 
that  a  given  pfn  relation  is  contained  in  the  maximum  approximation.  Since  for 
these  purposes  only  the  restriction  to  pfns  of  a  dtree  relation  is  relevant,  we  in¬ 
troduce  the  notion  of  pfn  comparison.  This  characterizes  the  relations  obtained 
by  restricting  dtree  comparisons  to  pfns.  We  define  a  pfn  extension  operation 
and  a  pfn  extension  condition  which  guarantees  that  the  pfn  extension  of  a  pfn 
comparison  is  a  pfn  comparison.  These  tools  are  used  to  prove  the  extensionality 
and  improved  recursion  theorems  stated  in  §2.  We  also  prove  the  uniqueness  of 
Self,  thus  answering  one  of  the  questions  asked  at  the  beginning  of  this  chapter. 
Originally,  these  and  other  theorems  of  similar  form  were  proved  individually.  It 
then  became  clear  that  these  proofs  were  all  based  on  the  same  extension  con¬ 
struction  and  that  the  proofs  amounted  to  verifying  the  pfn  extension  condition. 
We  shall  not  make  further  attempt  to  motivate  the  definitions.  The  proof  of  the 
pfn  extension  theorem  should  help  make  the  technical  reasons  for  the  definitions 
clearer. 


VI.3.1.  Pfn  comparisons 

>  Pfn  comparison.  A  pfn  comparison  is  a  dtree  relation  that  is  refiexive,  tran¬ 
sitive  and  is  evaluation  closed  under  application  (satisfies  C^).  Cp  is  the  set  of  pfn 
comparisons. 

CP{p)  =  {'i‘po,<Pi,vo,vi){(po  P<Pl  A  VopVi  {<Po' Vo)  p  {(pl' Vi)) 
df 

peCp  =  P  =  P*  AC’^ip) 
df 

Note  that  for  a  pfn  comparison,  there  are  no  requirements  for  dtrees  other  than 
pfns.  In  fact,  pfn  comparisons  are  essentially  dtree  comparisons  with  non-pfn 
dtrees  forgotten.  This  is  expressed  by  the  pfn  comparison  lemma. 
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■  Pfn  comparison  lemma.  Each  dtree  comparison  is  a  pfn  comparison  and 
the  evaluation  closure  of  a  pfn  comparison  is  a  (dtree)  comparison  containing  the 
restriction  to  pfns  of  the  given  pfn  comparison. 

p  G  C  — p  G  Cp 
pG  Cp  p[P]  CpG  C 

VI.3.2.  The  pfn  extension  theorem 

The  pfn  extension  of  a  pfn  comparison  by  a  pfn  relation  is  the  least  transitive 
reflexive  relation  containing  the  union  of  the  given  relations  and  closed  under  value 
substitution.  For  technical  reasons  we  construct  the  extension  in  two  stages. 

>  Value  closure.  The  value  closure  x**  of  ^  relation  x  is  the  least  reflexive 
relation  such  that^ 

(0)  xCPlcx" 

(1)  t<0,l  x"  «1,1  A  ...  A  Uo,n  x"  «l,n  ^  V3{<«0,1  •  •  •  <U0,n}  X**  •  •  •  <Ul,n} 

>  Pfn  extension.  The  pfn  extension  of  p  by  x»  (written  pHx),  is  the  transitive 
union  of  p  jmd  the  value  closure  of  x- 

P^X  =  W{p,x''} 

at 

In  order  to  state  the  pfn  extension  condition  we  introduce  two  more  definitions: 
relative  pfn  comparison  and  the  dtree  relation  induced  by  the  value  closure  of  a 
pfn  relation. 

>  Relative  pfn  comparison.  We  say  that  x  is  a  pfn  comparison  relative  to  p 
if  (x>p)  satisfies  where 

=  (Vv3o,^i)(Vuo,Ui)(y)o  X^i  Auo  X  «i  {<Po’uo)x°pi<Pi'tii)) 
df 

Recall  that  o  is  the  composition  operation  and  Oq  Po  ^  Pi  ^  (3D)(Do  Po  ^  Pi  ^*i)- 
The  interest  in  relative  pfn  comparisons  is  explained  by  the  following  lemma. 


^  The  requirement  that  x**  be  reflexive  amounts  to  adding  a  further  clause  /?=  [P]  C  x**- 
Since  this  clause  corresponds  to  a  trivial  case  in  the  arguments  based  on  the  definition 
of  X**  we  have  not  listed  it  explicitly. 


§VL3 


Pfn  extensions  of  comparisons 


161 


■  Relative  pfn  comparison  lemma.  If  p  is  a  pfn  comparison  and  x  is  a  pfn 
comparison  relative  to  p  then  W{p,  x}  is  a  pfn  comparison. 

p  G  Cp  A  ^^(x.p)  -  w{p,x}  e  Cp 

This  follows  from  Cf’(p)  A  Cf(x,p)  —*■  C'P(y{p,x})  which  is  easy  to  check  by 
unwinding  the  definitions. 

>  Value  closure  on  dtrees.  The  dtree  relation  x**’*^  induced  by  the  value  closure 
of  a  relation  x  is  the  least  dtree  relation  such  that 

(0)  UoxCP]  l>ox"’‘^5i 

(1)  Uo.l  x"  «1,1  A  ...  A  Uo,n  x“  Wl,n  •  •  •  <Uo,n}  x"’**  ^>{<“1,1  •  •  •  <“l,n} 

(2)  x“  V>i  A  Mo  x"  (^o'«o)  x"’** 

We  are  now  ready  to  define  the  pfn  extension  condition  and  to  prove  the 
pfn  extension  theorem. 

▻  Pfn  extension  condition. 

=  (V(po,<Pi,tio,ui)(<po  X  ¥>1  A  uox"  A  ©^yp(x,/»,^o'«o) 

-♦  (^Po'tto)  X^°P  (v?i'«i)) 

where 

=  (va.  ao)(vab){a.  x‘-'‘  Sb  -  a.  ?  o  ?  ab) 

■  Pfn  extension  theorem.  If  p  is  a  pfn  comparison  and  (x>p)  satisfies  the  pfn 
extension  condition  then  the  pfn  extension  of  p  by  x  is  a  pfn  comparison. 

p  G  Cp  A  ©P(x,/»)  PVX  e  Cp 

Before  proving  the  pfn  extension  theorem  we  prove  two  lemmas.  The  theorem  will 
then  follow  easily. 

■  Lemma. 1.  If  p  is  a  pfn  comparison,  0fcyp{x>P>^*o)>  uo.i  X**  *^i,i  for  1  <  t  <  n, 
and  Dj  =  5{<Uj,i . . .  <Uj,n}  for  j  =  0, 1  then  Do  X**  o  P 

Proof:  Lemma. 1.  Assume  Do  vo  and  show 

(3w2,  wi)(t;o  x"  t;2  p  ui  A  Di  ^  vi) 

.  We  consider  cases  according  to  the  dtree  context  construction. 
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Case(l>j  =  Mt):  let  vq  =  Wi  =  t;2  =  d. 

Ca3c(Z>j  =  <Uj):  let  vq  =  uo>  Vi  =  V2  =  tti- 
Case(5j  =  V?aj):  let  vo  =  t>i  —  t;2  =  ?>i. 

Case(Z>j  =  app(^>a,j,?>bj)):  By  definition  of  we  have  tla.o  X*’’'*  ^*a,i  and  5b, o  x”’'* 
5b, 1*  By  ©fcj/p  and  properties  of  evaluation  and  subcomputation,  there  are  Ua,i 
and  Ub,i  for  t  =0,1,2  such  that 

5a,o  Ua,o  and  5b, o  «b,o  and  Ua,o'«b,o  uo, 

5a,i  ^  Ua,i  and  5b, i  ^  Ub,i, 

«a,o  x"  «a,2  P  «a,i  and  Ub,o  x"  nb,2  P  Ub,l. 

Since  the  application  is  defined  we  know  that  Ua,o  €  O  A  Ub,o  €  D*  or  Ua.o  €  P. 
In  the  case  tta,o  S  O,  by  definition  of  the  extension  of  a  dtree  relation  to  values, 
«a,o  =  Ua,2  =  t*a,i  and  Ub,o  =  nb,2  =  Wb,i  and  we  let  V2  =  Vi  —  vq.  In  the  case 
aa,o  €  P  we  have 

(«a,o'«b,o)  x"’**  («a,2'«b,2)  p(Ua,l'«b,l) 

SO  by  ©ftyp  there  are  V2  and  vz  such  that  Vo  X**  ^2  P  vz  and  Ua,2^«b,2  ^  vs- 
Since  p  is  a  comparison  there  is  vi  such  that  vz  p  ui  and  Ua,i^Ub,i  ui-  The 
if-,  cart-,  fst-,  and  rst-  cases  are  similar.  □/  emma.l 

■  Lemma. 2. 

©"(x.p)  A  p  e  Cp  (5o  x"’*^  5i  5o  x"  o  P  ^>i) 

Proof:  Lemma. 2.  We  use  computation  induction  on  5o,  with  induction  hy¬ 

pothesis  ©feyp(X)P>5o)  and  consider  cases  according  to  the  definition  of  x**’*^* 

Case.O:  5o  xfP]  Then  5o  x**  since  5j  '^5j. 

Case.l:  5j  =  5{<Uj,i  ...<Uj,n},  for  j  =  0,1  where  uq,-,  x”  “i,i  for  1  <  t  <  n.  This 
follows  from  Lemma.  1  using  the  induction  hypothesis. 

Case.2:  5o  =  <Po'uo  and  5i  =  (pi'ui  where  <po  x**  <Pi  and  uq  x**  “i-  Using  the 
definition  of  x**>  there  are  two  subcases. 

Case.2.0:  X  This  follows  from  0^  using  the  induction  hypothesis. 

Case.2. 1:  (pj  =  V5{<Uj,i . . .  <«j,n}  for  j  =  0, 1  with  Uo,i  X**  ui,i  for  1  <  i  <  n.  This 
is  just  Case.l.  □iemma.2 

Proof:  Pfn  extension  theorem.  As  a  special  case  of  lemma.2  we  have 

p  G  Cp  A  0'’(x,p)  C'P(x“,p) 

Using  the  relative  pfn  comparison  lemma  and  p  H  x=  '±*{PiX**}  if  follows  that 
pHx  G  Cp  as  required.  Dp.*.* 
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VI. 3.3.  Using  the  pfn  extension  theorem 

Our  applications  of  the  pfn  comparison  theorem  will  be  to  show  that  certain 
pfn  relations  are  contained  in  the  maximum  comparisons.  These  are  based  on  the 
following  corollary. 

■  Pfn  extension  corollary.  To  prove  that  a  pfn  relation  x  is  contained  in  C  or 
to  prove  that  a  symmetric  pfn  relation  x  is  contained  in  =  it  suffices  to  show  that 

©'’(x,p. 

©'’(x.Q  ^  xCP]  eg 
©'’(x,p  A  X  =  X'  XCP]  C  = 

Proof:  By  the  pfn  comparison  lemma  and  the  pfn  extension  theorem  and 

maximality  of  C,  if  ©^(x»E)  then  xCP]  C  E  tlx  e  C  and  by  definition  of  =, 
(xnx~)[P]c=. 

•  Proof  of  the  extensionality  theorem.  For  the  first  application,  we  prove 
the  extensionality  of  g. 

(ext.g)  (Vv)(¥?o^v  E  ^  ¥>o  E  V^i) 

Let  X  =  {(^o.V^i)  1  (Vi;)v?o*v  g  (pi*  v}.  Since  g  G  C  the  (only-if)  direction  of 
(ext.g)  is  trivial,  so  we  need  only  show  the  (if)  direction  -  X  E-  By  the  pfn 
extension  corollary  it  suffices  to  show  0*’(x>E)-  To  see  this  assume  X 
«o  X**  “1  ©^j,p(x>E>^o^  Wo)*  Then  by  definition  of  x  and  of  value  closure, 

{<Po'uo)  x"  {po'vi)  g  (^I'tii).  By  lemma.l  (¥?o'uo)  X**  o  E  (v?i'«i)>  as 
required.  Uext 

•  Proof  of  the  improved  recursion  theorem.  Our  second  application  of 
the  pfn  compeirison  theorem  is  to  prove  the  main  part  of  the  improved  recursion 
theorem 

(rec.min)  ^  V’tW  E  'P 

where  Px  is  a  recursion  pfn  (see  §2)  and  t?  is  a  pfnl.  Assume  t?(v?)  g  <p  and  let 
X  =  {(v?r(*?)>  V?)}*  By  the  pfn  extension  corollary  to  show  g  P-  we  need 

only  verify  ©^(XjE)*  Assume  v?o  X  “o  x"  «!  and  0ftyp(x> E>V?o^ wo)*  By 
definition  of  x>  Po  =  V?r(’^)  and  pi  =  p.  Assume  ^  “o  wq,  then  by  properties 
of  recursion  pfns,  if'<po  ■<  Po^^o  and  po' i?(v^o)^wo-  By  ©^yp  and  the 
assumptions  on  <p  we  find  (p2  with  t?(v?o)  X**  P2  E  '^[Pi)  E  Pi  thus 

(^o'uo)  (»?(^Po)'«o)  x"’”^  {P2'»i)  E  (v?i'ui) 
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and  by  ®hyp  have 


(t?(^po) '  tto)  x"  o  E  (v?2'«i)  C  (^pi'ui) 
as  required,  □(rec.min) 

•  Proof  of  the  uniqueness  of  self.  To  answer  the  question  raised  at  the 
beginning  of  this  chapter  we  prove  that  if  ^ '  v  ^  for  all  t;  then  ^  =  Self.  Let 

X  =  1  (Vt;)(^o'u  ^  <po  ^  v>\'  V  ^  <pi)}. 

By  the  pfn  extension  corollary,  since  x  is  symmetric,  to  show  x  C  =  we  need  only 
verify  ©p(x, E)-  Assume  <po  x  and  Uo  X**  ^i.  By  definition  of  x>  ^  <Po 

and  <pi  thus  (¥?o'«o)  x"  Oeeif 

Exercise:  Stream  equivalence.  Define  the  restriction  operation  on  streams 
StrR  which  restricts  the  inputs  to  a  stream  to  be  the  empty  sequence 

>  StrR  A(s)A(z)Iet{[x,s] s()}ifmt(x,mt,  [x,StrR(s)]) 

Prove  that  if  two  streams  t?o>  t?i  are  equal  as  streams  then  the  restrictions  of  the 
two  streams  are  =-equivalent.  For  streams 

t?o  =  i?i  StrR(t?o)  =  StrR(t?i) 

(See  §IV.6  for  definitions  and  properties  of  streams) 

Hint:  Define  the  pfn  extension  of  =  by 

{{t?o,  t?x)}u  {(,?>",  t?r)  I  n<l,?o|-} 

amd  use  the  pfn  extension  theorem. 

Itemark:  We  need  to  work  with  the  restriction  here  because  we  have  been 

discussing  streams  in  terms  of  repeated  application  to  the  empty  sequence.  Thus 
it  is  really  the  restriction  that  we  are  interested  in. 
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VI.4.  Dtree  extensions  of  comparisons 

Dtree  extensions  provide  a  means  of  extending  a  given  comparison  to  a  com¬ 
parison  containing  a  given  dtree  relation.  The  main  interest  is  in  obtaining  rela¬ 
tions  that  contain  sets  of  program  transformations.  Thus  we  focus  on  substitution- 
closed  relations.  The  basic  plan  is  similar  to  that  for  pfn  extensions.  We  define 
a  dtret  extension  operation  and  a  dtree  extension  condition  which  guarantees  that 
the  dtree  extension  of  a  comparison  is  a  comparison.  The  dtree  extension  oper¬ 
ation  is  used  to  construct  comparisons  satisfying  laws  such  as  those  given  for  = 
given  in  §2,  These  constructions  also  serve  to  prove  the  corresponding  laws  for 
=.  A  one  step  extensionality  closure  operation  is  defined  which  provides  a  means 
of  obtaining  comparisons  approximating  extensionality  to  any  desired  level.  This 
also  serves  as  an  alternative  proof  of  the  extensionality  theorem.  As  for  pfn  ex¬ 
tensions,  the  basic  definitions  were  derived  by  abstracting  on  a  collection  of  proofs 
beised  on  the  dtree  extension  construction  and  which  amounted  to  verifying  the 
dtree  extension  condition. 

VI.4.1.  The  dtree  extension  operation 

The  dtree  extension  of  a  relation  p  by  a  relation  x  is  constructed  in  two  stages. 
First  form  the  dtree  substitution  closure  of  x>  then  take  the  transitive  union  with 
P- 

>  Substitution  closure.  The  substitution  closure  x*’  of  X  is  the  least  reflexive 
dtree  relation  such  that 

(0)  xcx‘" 

(1)  «o  x"  «i  ->■  <«o  x"  <«i 

In  clause  (2)  we  may  assume  with  out  loss  that  5{. . .}  is  not  a  trivial  context  i.e. 
that  5{. . .}  is  not  simply  a  hole. 

>  Dtree  extension.  The  dtree  extension  plix  of  p  by  x  is  defined  by 

plJX  =  w{p,x'’} 

di 

■  Dtree  extension  lemma.  The  substitution  closure  of  a  relation  p  is  substitution- 
closed  and  dtree  extension  commutes  with  inversion. 

Oldsub8t(p‘')  and  (pi;x)“  =  (p“*iX~) 

This  is  an  easy  consequences  of  the  definitions  and  properties  of  substitution- 
closure. 
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VI.4.2.  The  dtree  extension  theorem 

We  now  define  the  dtree  extension  condition  for  relations  (XjP)  and  prove 
that  it  guarantees  that  the  dtree  extension  of  a  comparison  p  by  a  relation  x  is  a 
comparison.  As  for  pfn  extensions,  the  dtree  extension  condition  is  expressed  in 
terms  of  relative  compairisons. 

>  Relative  comparison.  We  say  that  x  is  a  comparison  relative  to  p  if  (Xj/^) 
satisfy  C*  and  C®  where 

C*{x,p)  =  (VDo,t>i)(Do  X^>i  5oXopi>i) 

df 

C*(x,p)  =  (Vv?o,V?i)(Vuo,ui)(v?o  X  Auo  X  Ml  -*•  (v?o'uo)  X  o />  (v?i '  «i)) 

df 

The  key  fact  about  relative  comparisons  is  the  following. 

■  Relative  Comparison  Lemma.  If  p  is  a  comparison  and  x  is  a  comparison 
relative  to  p  then  W{p,  x}  is  a  comparison. 

p  €  C  A  C;(x,p)  A  C®(x,p)  -♦  W{^,x}  e  C 

This  follows  from 

C\p)  A  C;(x,p)  C*(W{P,X}) 

^“(p)  A  C;(x,p)  C®(w{p,x}) 

which  are  easy  to  check  by  unwinding  the  definitions. 

>  Dtree  extension  condition.  The  dtree  extension  condition  0(XtP)  for  (x,p) 
is  defined  by 

^(X,P)  =  0‘(x,p)  A  0“(x,p) 

df 

where 

©'(x,p)  =  (VDo,l>i)(i>o  X^>i  A  ©feypCx^/J.t^o)  x‘’  °P  ^i) 

df 

=  (VS.  ^  iio)(Viib)(a.  x*  Sb  ^  a.  ? » ^  St) 

©“(x./i)  S  (Vvbo.Vi.uo.uiXiPo  X  A  Uo  x"  “I  -*  (s^o’xo)  x'' »/’ 

df 

■  Dtree  extension  theorem.  If  p  is  a  comparison  and  (x,p)  satisfies  the  dtree 
extension  condition  then  the  dtree  extension  of  p  by  x  is  a  comparison. 


pe  C  A  0(x,p)  pUx^  C 
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Proof:  Dtree  extension  theorem.  We  show 

(claim.a)  ©“(x>P) 

and 

(claim.e)  0(x>/>)  P  C*(x*'»p) 

then  ©(x>P)  P^C  -+  plix  €  C  follows  from  the  relative  comparison  lemma  and 
the  definition  of  plix- 

Proof  (claim.a.):  Assume  ©®(x»/>),  <Po  x''  V>u  and  uq  X^*  «i  and  show 

(v^o'wo)  X^op 

According  to  the  definition  of  x*"  there  are  three  cases. 

(Case.O):  X  ^i-  Here  (v?o'«o)  °  P  follows  from  ©“(x,p)- 

(Case.l):  =  <Uj.  This  case  is  impossible  as  a  value  dtree  can  not  be  a  pfn. 

(Case.2):  =  <p{-  •  •  •  •  •)  where  5o,i  X*"  Here  (v?o '  t<o)  X**  (v?i '  «i)  by  the 

definition  of  x*"  since  ¥?{.. .bj,i 

Oclatm.a 

Proof  (claim.e.):  Assume  ©*(x>/>)  and  p€  C  and  show  by  computation  induc¬ 
tion  on  5o  that  _ 

5o  X**  ^0  X*"  o  ^  ^>1 

Note  that  the  induction  hypothesis  is  ©^yp(x>P>^o)-  By  the  definition  of  x^  there 
are  three  caises. 

(Case.O):  J>o  X  Here  ?lo  X*’  o  P  ^>1  follows  from  0‘{x,p)  using  the  induction 
hypothesis. 

(Case.l):  Z>j  =  <Uj  where  uq  x**  Ui.  Here  Do  x** 

(Case.2):  Dj  =  D{. .  .Dj,i . . .}  where  Do,i  X**  We  consider  cases  on  the  construc¬ 
tion  of  the  dtree  context  D  (assuming  D  not  a  hole).  The  cases  Dj  =  Mt,  Dj  =  <Uj, 
and  Dj  =  ADaj  are  trivial. 

In  the  case  Dj  =  app(Da,j,^>bj)  we  have  Da,o  X**  ^>a,i  and  Db,o  x'’  By  definition 
of  evaluation  and  the  induction  hypothesis  there  are  Ua,i  and  Ub,i  for  i  =  0,1,2 
such  that 

^>a,o  «a,o  and  Db,o «b,o  and  Ua,o^«b,o vo, 

^>a,i  ^  «a,i  and  Db,i  ^  «b,i. 

«a,0  X**  «a,2  P  «a,l  and  Ub,0  X**  «b,2  P  «b,l, 
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Since  the  application  is  defined  we  know  that  Ua,o  G  O  A  Ub,o  €  D*  or  Ua,o  G  P- 
i  ne  case  Ua,o  G  O  is  trivial.  If  Ua,o  €  P  then  by  the  definition  of  Ua.o  X**  «a,2 
there  are  two  non-trivial  cases:  (0)  Ua,o  X  “a, 2  and  (2)  Uaj  =  Ua{. .  . . .}  with 

^>o,i  x”  In  the  case  (0),  by  0®,  (ua,o'«b,o)  x”  o  P  (ua,2'tib,2).  In  case  (2), 
by  definition  of  x*’.  («a,o'«b,o)  X**  (ua,2'u^2)*  In  either  case  by  the  induction 

hypothesis  and  p  G  C  we  have  (ua.o^Ub.o)  X**  °  P  (t*a,i  ^  “b.i)*  The  if-,  cart-,  fst-, 
and  rst-  cases  are  similar.  IllcZoim.e 

VI.4.3.  Corollaries  of  the  dtree  extension  theorem 

The  following  corollaries  of  the  dtree  extension  theorem  are  the  basis  for  the 
examples  to  be  constructed.  The  first  corollary  shows  how  the  dtree  extension 
condition  provides  criteria  for  constructing  invertible  comparisons. 

■  Corollary  1.  Invertible  extension.  If  p  is  an  invertible  comparison  and  the 
dtree  extension  condition  is  satisfied  by  both  (x>p)  and  (x''>P“)  then  the  dtree 
extension  of  p  by  x  is  an  invertible  comparison. 

p  G  Ci  A  0(x,p)  A  0(x~,P~)  pHx  e  C\ 

Proof:  This  follows  from  the  definition  of  invertible  comparison,  two  applica¬ 

tions  of  the  dtree  extension  theorem  and  the  fact  that  (plix)~  =  (p~*lX~)*  C 

■  Corollary  2.  Evaluation  extensions.  If  p  is  a  comparison  and  x  is  contained 
in  the  evaluation  closure  of  p  then  the  dtree  extension  of  p  by  x  is  a  comparison. 

p  G  Ci  A  X  C  p  pHX  G  C 

Proof:  By  the  dtree  extension  theorem  we  need  only  verify  0(x»p)-  ©*(x>p) 

follows  directly  from  x  C  p.  To  verify  0®(x>  p)  note  that  by  properties  of  evaluation 
closure  ipo  X  <Pi  implies  <po  p  <pi.  Thus  by  the  definition  x^  and  p  €  C  it  follows 
that  <po  X  <Pi  and  uq  X**  “i  implies  {po'^o)  X**  (v^o'wi)  P  □ 

■  Corollary  3.  Invertible  evaluation  extension,  ff  p  is  an  invertible  com¬ 
parison  and  X  is  contained  in  the  invertible  evaluation  closure  of  p  then  the  dtree 
extension  of  p  by  x  is  an  invertible  comparison. 

p  G  Ci  A  X  C  p  ^  pHX  G  C 


Proof:  This  follows  from  corollary  1,2  and  p  —  p  n  (p  )  .  □ 
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■  A  substitution  closure  operation.  If  p  is  a  comparison  then  pitp  is  the  least 
substitution-closed  comparison  containing  p.  If  p  is  an  invertible  comparison  then 
ptp  is  the  least  invertible  substitution-closed  comparison  containing  p. 

C^dsub8t{,P^P) 

p  E  C  {p^p  6  C)  A  (p  C  Po  €  C  A  Cldaub8t{Po)  —*  P^P  C  po) 
p  €  Ci  ^  {P^P  €  ^i)  A  p  C  Po  G  Ci  A  CldaubstiPoi)  ^  P^P  ^  PO 

Proof:  This  follows  from  corollaries  2  and  3,  the  dtree  extension  lemma,  and 

preservation  laws  for  substitution  closure  using  the  fact  that  for  comparisons  p  C 

p*  C  p. 


VI.4.4.  Example  comparison  constructions 

We  will  define  a  number  of  comparisons  using  the  dtree  extension  operation. 
We  call  these  comparisons  “transforms”  as  they  can  be  thought  of  as  rules  for 
transforming  programs. 

Partial  Evaluation  transforms. 

If  2>  V  then  dtrees  related  by  replacing  some  occurrences  of  D  by  value 
nodes  with  value  v  generate  a  comparison  relation  extending  dtree  equality  that 
corresponds  to  partial  evaluation.  Partial  evaluation  transforms  are  tree  prun¬ 
ing  relations.  The  computation  trees  described  by  related  dtrees  are  related  by 
replacing  some  subtrees  by  references  to  their  value.  An  example  is  replacing  oc¬ 
currences  of  Addl(Addl{0))  by  2.  Any  set  of  evaluations  generates  a  comparison, 
for  example,  evaluation  of  all  dtrees  that  correspond  to  terms  built  only  from  data 
and  data  operations.  The  complete  partial  evaluation  transformation  is  obtained 
by  using  the  set  of  all  evaluations. 

>  Complete  partial  evaluation  transform. 

^  =  P=>^Xey  where  Xev  =  |  5  ^  u} 


■  Since  p=  €  Ci  and  Xev  C  p=*  we  have  by  Corollary  3  that  ^  €  Ci. 
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Syntactic  transforms 

Many  comparison  relations  are  naturally  expressed  in  terms  of  relations  on 
forms.  We  call  these  relations  syntactic  transforms. 

>  Let  X  be  a  set  of  pairs  of  forms.  We  define  the  dtree  extension  of  p  by  X 
(written  as  follows. 

=  ptixx  where  XX  =  {{(to  I  {>,  <fl  I  f»  I  (to,f>)  €  X,  6  €  E} 

df 

■  Expressing  Corollaries  2  and  3  in  terms  of  forms  we  have 

p  €  C  A  X  Cl  p  — ^  €  C  and  p  ^  C\  A  X  C  p  ►  i  ^  €  C5 

As  examples  we  define 

^ifif  T  {'f('^(fo>fl)f2)jf3>f4)j  if  (fo  j  i^(f  1  jf3>f4)> 'f  (f2>f3>f4))} 
df 

XiUpp  =  {(fOnto.fi.fr)),  if(fo,f(fi).f(f2)))} 

df 

Xif.p.  =  {(if(or(fo,fi),f2,f3),  if{fo,f!,if(fi,f2,f3)))} 

df 

Xiet.perm  =  {(let{5o let{si fi}fo}f,  let{si fi }let{«o fo}f) 

df 

\  Si  ^  freest)} 

Xcart.id  =  {(cart(f,mt),  f)} 

df 

Xcart^aaaoc  =  {(cart(cart(fo,fi),f2),  cart{fo,cart(fi,f2)))} 

df 

^Ut.elim  =  fo}f7  flfo)} 

df 

Xut.intro  =  {(f|fo5  fo}f)  |  'll- (flfo ) 

Then  taking  p  to  be  p=  (or  any  invertible  comparison)  and  X  to  be  one  of  the  sets 

Xif.disti  Xif,ory  Xlet.perrm  Xcart.idi  OT  Xeart.assoe  We  have  X  Cl  p  and  i  >■  G  Cj. 
Furthermore  by  the  preservation  properties  given  in  §1  the  symmetric  closure 

(^^)~}  of  ^  is  a  symmetric  comparison.  Thus  any  invertible  comparison 
can  be  extended  to  a  symmetric  comparison  satisfying  the  (if.if),  (if.app),  (if.or), 
(let. perm)  (cart.id),  and  (cart. assoc)  laws  for  =  given  in  §2.  In  particular,  this 
verifies  these  laws  for  =. 

Ifp  is  any  comparison  containing  (i^)  and  X  =  Xiet.elim  then  is  a  com¬ 
parison  closed  under  the  let-elimination  transform.  If  p  is  any  invertible  compar¬ 
ison  containing  ^  and  X  =  Xut.intro  then  is  an  invertible  comparison  closed 

under  let-introduction.  Further,  if  X  =  Xut.intro  then  i±){^  ,  (^ )“}  satisfies  the 
(let.cnv)  law  given  in  §2  and  thus  we  verify  this  law  for  =. 
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Abstraction  transforms 

As  a  final  example  we  define  the  one  step  abstraction  closure  of  a  comparison. 

>  One  step  abstraction  closure.  The  one  step  abstraction  closure  of  p  is 
defined  by 

=  pllXabs  where  Xabs  =  {{<Po,<Pi)  \  (Vv)((v?o'v)  P  (^I'v))} 
df 

■  If  p  is  a  comparison  then  the  one  step  abstraction  closure  of  p  is  a  comparison. 

p  ^  C  — ^  i ^  €  C  . 

Proof;  By  the  dtree  extension  theorem  we  need  only  verify  ©(xabsjP)-  For 
©*(Xab3»p)  note  that  since  Xabs  is  a  pfn  relation  we  have  Xabs  implies  ?>o  Xabs 
Di.  For  ©®(xabs,p)  note  that  <po  Xabs  <Pi  and  uq  x^bs  inaplies  (v?o'uo)  xlbs 
{<Po' ui)  p  {(pi* ui).  n 

■  The  one  step  abstraction  closure  preserves  invertibility  and  symmetry. 

*  p.abs  *  J  _  p.abe  fP,abB._ 

p  E  C\  6  Cj  and  p  —  p 


Remarks. 

•  Notice  that  taking  p  to  be  C  we  have  an  alternative  proof  of  the  extensionality 
theorem. 

•  The  one  step  abstraction  closure  operation  is  a  monotone  operation  on  com¬ 
parisons.  Thus  it  can  be  iterated  along  the  ordinals  to  a  fixed  point  which  will 
be  the  least  extensional  comparison  containing  the  initial  comparison.  (This  is 
a  form  of  inductive  definition  -  see  for  example  Moschovakis  [1975]).  This  is  an 
alternative  to  the  construction  of  the  least  extensional  comparison  by  intersecting 
all  of  the  extensional  comparisons  containing  the  given  starting  relation. 
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Now  we  return  to  the  world  of  sequential  computation.  In  this  chapter  we 
generalize  the  idea  of  introducing  a  continuation  parameter  in  order  to  transform 
recursive  pfns  to  sequential  pfns.  This  idea  was  used  in  the  tree  product  example 
(§11.2)  to  transform  a  recursive  computation  into  a  sequential  one.  We  will  show 
that 

any  s-Rum  computation  can  be  described  by  a  sequential  dtree  of 
t-J^um  and  carried  out  using  the  reduces-to  relation. 

Notions  of  Rum  machine  structure  and  machine  morphism  are  introduced  infor¬ 
mally  in  order  to  provide  mechanisms  for  relating  different  representations  of  com¬ 
putation  descriptions  and  to  formulate  precisely  the  claim  (f).  There  is  a  natural 
Rum  machine  structure  R  on  s-Rum.  A  Rum  machine  structure  T  is  defined  on 
t-Rum  and  a  map  from  to  T  is  defined  and  proved  to  be  a  morphism.  We  think 
of  T  eis  an  abstract  machine  and  the  morphism  as  a  naive  compiler.  A  simple 
example,  compiling  and  optimizing  the  pfn  Car,  is  given  to  illustrate  how  pro¬ 
gram  transformations  can  be  combined  with  naive  compiling  to  produce  plausible 
results. 


VII.l.  Rum  machine  structures 

A  Rum  machine  structure  over  (iD,§y)  has  a  collection  of  states  and  a  step 
relation  on  these  states.  In  addition,  there  axe  forms,  environments  and  dtrees 
for  describing  computations  and  continuations  for  describing  computation  con¬ 
texts.  The  computation  domain  contains  representations  of  data,  data  operations, 
pfns  and  continuations.  There  zu-e  injections  (i«,id,<-o)  mapping  §y  to  machine 
forms,  and  mapping  D  and  O  into  the  computation  domain.  Environments  are 
finite  maps  from  symbols  to  sequences  from  the  computation  domain.  There  are 
construction  operations  including  a  closure  operation  (close)  mapping  form  -  envi¬ 
ronment  pairs  to  dtrees;  an  application  operation  (appl)  mapping  data  operation 
-  data  sequence  pairs  and  continuation  -  value  pairs  to  dtrees;  an  abstraction  op¬ 
eration  (pfn)  mapping  symbol  -  form  -  environment  triples  into  the  computation 
domain  (the  representation  of  pfns);  an  injection  (note)  from  continuations  into 
the  computation  domain  (the  representation  of  continuations);  an  identity  con¬ 
tinuation  (idcont),  a  begin  operation  (begin)  mapping  continuation  -  dtree  pairs 
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to  states;  zuid  a  return  operation  {return)  mapping  continuation  -  value  pairs  to 
states.  Finally  there  is  a  next  state  operation  (step).  The  domains  and  opera¬ 
tions  of  a  Rum  machine  structure  are  summarized  in  Figure  19  using  generic  Rum 
notation  for  domains. 


Domains 


<F,  E,  V,  Dt,  Co,  §t> 


Embedding  of  (D,  Sy) 


i,:lSu-h  F] 
td  :  [D  V] 
to  :  [O  V] 

E  =  [t,(Sv)  *y 


%  an  injection 
X  an  injection 
X  an  injection 

V] 


Machine  Operations 

close  :  [F  X  E  Eh] 

appl :  [(O  X  D*)  ©  (Co  x  V)  Eh] 

p/n  :  [S»  X  F  X  E  V] 

note  :  [Co  V]  %  an  injection 

idcont :  [a  Co] 

begin  :  [Co  X  Eh  §t] 

return  ;  [Co  x  V*  §t] 

step  :  [St  ^  St] 


Figure  19.  Rum  machine  structure  over  (!D,Sv) 


The  s-Rum  world  described  in  Chapter  V  heis  a  natural  machine  structure, 
R.  So  far  we  have  imagined  that  the  injection  mapping  symbols  to  forms  and  the 
injections  mapping  data,  data  operations  and  continuations  into  the  computation 
domain  are  simply  inclusions.  When  necessary  to  distinguish  objects  from  their 
representations  in  the  computation  domain  we  write  d  €  V,  o  €  V,  and  -7  G  V. 
p/n(«,f,  =  {A(s)f  I  which  we  write  as  (A(s)f  1  G  V  if  we  need  to  distinguish 

the  pfn  from  the  dtree  of  the  same  structure. 

In  order  to  talk  about  more  than  one  machine  structure  we  relativize  the 
notation  for  a  Rum  world  by  adding  a  superscript  denoting  the  machine.  To 
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avoid  notational  clutter,  superscripts  will  generally  be  omitted  from  operation 
ana  relation  symbols  since  the  interpretation  cam  be  determined  by  the  arguments. 
For  objects  of  Z  we  omit  superscripts  (this  is  the  default  interpretation)  except 
for  emphasis.  For  example,  f  (or  f^)  is  a  form  of  Z,  and  we  write  or  just  F 
for  the  set  of  forms  of  Z.  More  generally,  if  ./I  is  a  Zum  machine  structure,  is  a 
form  of  A  and  F'*  is  the  set  of  forms  (the  interpretation  of  F)  in  >1.  The  image  of 
6  in  F^  will  be  denoted  by  and  the  images  of  d  and  o  in  will  be  denoted 
by  d^,  o^.  7  G  is  the  representation  of  7^  in  V^.  We  will  use  s-Zum  notation 
for  machine  operations.  Thus  we  write  I  for  close(f^,^^)  and  for 

appl{d^,  v^).  The  application  notation  is  extended  to  pfns  as  usual  by 

VII.2.  The  tree  machine  T 

A  tree  machine  is  a  machine  structure  defined  on  i-Zum.  Tree  machine  states 
are  sequential  dtrees  -  dtrees  that  can  be  evaluated  using  reduces-to  steps  with 
only  limited  side  computations.  The  computation  trees  described  by  sequential 
dtrees  look  like  lists  with  reductions  along  the  main  (rightmost)  branch  and  side 
computations  as  elements  of  the  list.  This  is  illustrated  in  Figure  20. 


•  ho  v 

Do  Di 

^  \  >^ 

»  •  • 

D 

c-f  t; 

* 

•  D  ^  v 

♦  stands  for  a  side  computation. 

Figure  20.  Sequential  dtrees 

For  example  the  dtrees  formed  by  application  of  Tprodl  to  number  trees  are  se¬ 
quential  dtrees  (see  §11.2).  The  key  in  describing  sequential  computation  of  the 
tree  product  function  was  to  make  the  continuation  of  the  computation  an  explicit 
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parameter  (a  continuation  pfn).  In  such  computations  application  is  used  in  sev¬ 
eral  ways:  to  apply  a  data  operation  to  a  data  sequence,  to  return  a  value  to  a 
continuation,  and  to  call  a  pfn  with  an  argument  and  a  continuation. 

Generalizing  the  basic  ideas  involved  in  the  transformation  of  the  tree  product 
computation  we  define  the  tree  machine  structure,  T.  Notation,  rules  for  generat¬ 
ing  T-objects,  Eind  definitions  of  T -operations  and  injections  are  given  in  Figure  21. 
In  order  to  keep  track  of  the  different  roles  played  by  pfns  in  the  tree  machine  and 
to  distinguish  the  various  uses  of  application,  symbols  are  partitioned  into  three 
sorts:  value  symbols,  operation  symbols,  smd  continuation  symbols.  There  are 
just  two  continuation  symbols  which  we  denote  by  c  and  c*.  Further  we  fix  an 
injection  from  §y  into  the  value  symbols,  s  and  an  isomorphism  of  O  with 

the  operation  symbols,  o  ^  d. 

In  addition  to  the  required  sorts  of  machine  objects,  T  has  value  instructions 
f"  and  state  forms  f*.  Value  instructions  are  forms  describing  the  primitive  com¬ 
putations  that  generate  values:  reference  to  a  value  bound  in  the  environment 
(vsym),  pfn  formation  (pfn),  noting  (note),  application  of  data  operations  to  data 
sequences  (dapp),  and  instructions  for  sequence  manipulation  (mt,cart,fst,rst). 
State  forms  are  generated  by  constructions  corresponding  to  returning  a  value  to 
a  continuation  (ret),  conditional  branching  (if),  calling  a  pfn  with  an  argument  and 
a  continuation  (call),  and  making  temporary  bindings  of  continuations  and  values 
(cbnd,  vbnd).  State-forms  serve  as  symbolic  descriptions  of  computation  states. 
Each  state-form  contains  a  free  continuation  symbol  whose  intended  interpretation 
is  a  pfn  representing  the  current  context. 

T -environments  are  environments  that  bind  T -values  to  value  symbols  (and 
that  bind  no  other  symbols) .  A  T -environment  extended  by  binding  the  continu¬ 
ation  symbol  c  to  a  T -continuation  is  called  a  T -state-environment.  For  forming 
closures  in  T  we  will  assume  we  are  working  in  a  global  context  binding  data 
operations  to  the  corresponding  symbols. 

The  remaining  tree  machine  objects  are  generated  naturally  from  state-forms 
by  abstraction  and  closure.  T -forms  are  obtained  by  abstraction  of  T -state-forms 
with  respect  to  the  continuation  symbol  c.  A  T -dtree  is  either  the  closure  of  a 
T-form  in  a  T-environment  or  a  continuation  application  dtree  (capp).  A  T- 
continuation  is  either  the  identity  pfn  I,  or  a  pfn  with  body  a  T -state-form,  argu¬ 
ment  symbol  a  value  symbol  and  environment  an  T -state-environment.  A  T-state 
is  either  a  terminal  state  I' or  a  T-state-form  closed  in  a  T-state-environment. 

The  following  facts  about  T -instructions  and  T -states  follow  easily  from  the 
definitions.  The  key  point  is  that  T -states  are  evaluated  by  reduces-to  steps  with 
limited  side  computations  and,  when  defined,  T -states  return  T -values. 


176 


Abstract  machines  and  compiling  morphisms 


§vn.2 


T  notation 


Variables  Range  Variables  Range 


s’' 

value  symbols  ] 

r 

value  instructions 

0 

operation  symbols  | 

f* 

state  forms 

c,  c* 

continuation  symbols 

Value  instructions  State  forms 

(vsym)  (mt)  mt  (ret)  c(f*’) 

(dapp)  ©(s")  (cart)  cart^, «")  (if)  if(f‘’,ft,fe) 

(abs)  A(tf*’,c)f*  (fst)  fst(«®)  (call)  «*(«a>c) 

(note)  A(«*',C*)c(«’')  (rst)  rst(s")  (cbnd)  let{c A(s”)fo}f* 

(vbnd) 

T -Forms:  A(c)f* 

T-Dtrees:  (close)  (A(c)f*  |  (capp)  (A(c*)c(«‘’)  | 

T-Continuations:  (id)  I  (cont)  {A(#'')f*  | 

T-States:  (ter)  l*v^  (nter)  (f*  I 

T-Environments  [§y^  *>-  V^*]  ^^(o)  =  7^}(o)  =  o 

T  Ii\iections  and  Operations 

(data)  =  d 

(dop)  0*^  =  A(«",c)c(o(«”)) 

(close)  c/o«e(f'’’,^^)  =  (f*^  | 

(appl)  opp/(i?^,  v^)  = 

(pfn)  p/n(s“,r,^^)  =  (A(s’')r 

(note)  7^  E  =  (A(«^  c*)c(s*')  I  c  ^  7"^) 

(idcont)  I 

(begin)  7'*'  v  D'''  =  5'''  '7''' 

(return)  7^  v  =  7^  ' 

(step) 


Figure  21.  The  Rum  Tree  Machine 
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■  Value  instruction  lemma.  When  defined,  a  value  instruction  closed  in  a 
T -state-environment  returns  a  T -value. 

<f"  I  -  oeCV^r 

The  evaluation  of  a  value  instruction  in  a  T-state-environment  is  of  bounded 
(small)  size  independent  of  the  environment.  A  value  instruction  is  undefined 
only  in  the  case  of  data  operation  application  where  the  argument  is  not  a  data 
sequence. 

■  T -states  are  closed  under  reduces-to. 

l>o  €  A  5o  ^  Hi  € 

■  If  a  T -state  is  defined  then  the  value  is  a  T -value  and  the  state  reduces  to  the 
terminal  state  returning  that  value. 

Remark.  We  have  arranged  the  definitions  so  that  each  state-form  heis  a  unique 
free  continuation  symbol  c.  The  additional  continuation  symbol  c*  is  used  only  in 
the  note  instruction  where  it  necessary  to  name  both  the  continuation  argument 
and  the  continuation  contained  in  the  noted  environment.  This  is  consistent  with 
the  single  current  continuation  used  in  s-Zum  computation  and,  using  the  note 
instruction  multiple  contexts  can  be  kept  in  the  environment.  In  practice  continu¬ 
ations  might  be  represented  as  actual  host  machine  state,  while  the  representation 
in  the  computation  domain  is  a  data  structure  with  sufficient  information  to  create 
the  corresponding  host  machine  state.  Packaging  and  unpackaging  these  contexts 
could  be  expensive  operations.  Thus  having  several  host  machine  contexts  allows 
one  to  switch  contexts  more  efficiently.  It  is  easy  to  modify  the  definitions  so  that 
any  number  of  free  continuation  symbols  may  occur. 


VII.3.  Machine  morphisms 

A  Zum  machine  morphism  (known  herein  as  morphism)  maps  one  machine 
structure  A  to  another  B.  The  purpose  of  such  a  morphism  is  to  provide  a  rep¬ 
resentation  of  the  computation  descriptions  and  structures  of  >1  as  objects  of  B 
and  to  prescribe  how  computations  of  A  are  carried  out  in  S.  As  the  terminology 
suggests,  a  morphism  should  preserve  the  essential  features  of  machine  structure. 
In  particular  a  morphism  is  a  family  of  maps  -  one  for  each  domain  -  such  that 
the  mapping  commutes  with  the  injection  mappings,  the  construction  operations 
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and  with  sequence  and  environment  constructions.  It  also  must  commute  with 
stepping.* 

Let  A  and  fl  be  machine  structures  over  (J),  Sy)  and  let  f  be  a  family  of  maps 
from  objects  of  A  to  objects  of  B  of  the  corresponding  sort.  We  write  for  the 
image  of  under  t  letting  the  object  sort  determine  which  element  of  the  family 
of  maps  t  is  being  applied.  The  requirements  for  a  morphism  listed  above  are 
spelled  out  by  the  following  items. 

•  t  commutes  with  injection  mappings 

(sym)  (5^)^  =  s® 

(data)  =  d® 

(dop)  =  o® 

•  t  a-cts  componentwise  on  values  and  environments. 


•  t  commutes  with  construction  operations 

(close) 

1  1 

(appl) 

(pfn) 

{X{s*y^  1  £^>^  =  (A(s^t)f>it  1 

(note) 

(^>«  e  v^)t  =  (7^t)  e  V® 

(idcont) 

(begin) 

(7^  V  D^)l  =  (7^^)  V  (D^^) 

(return) 

(7^  A  u^)'!  =  (7^^)  A  (u^^) 

^  We  consider  here  only  morphisms  that  commute  with  stepping  in  a  very  strong  sense. 
This  requirement  is  adequate  for  our  present  purpose,  but  is  too  limiting  in  general. 
What  is  needed  is  the  existence  of  “derived”  stepping  relations  such  that  the  morphism 
carries  a  derived  relation  for  machine  to  a  derived  relation  for  machine  S . 


§vn.4 


A  morphism  from  Ji.  to  T 


179 


•  t  commutes  with  stepping:  if  fo  >— ><.  fo  then  fo  t  and  if  =  fo  t 

and  Co  then  Co  where  Ci  =  fi*^-  This  is  summarized  in  the 

diagram  below. 

Co  Cl 

it  it 

Co  Cl 

■  A  simple  consequence  of  the  morphism  requirements  is  that  t  also  commutes 
with  application  of  pfns  to  values. 


VII.4.  A  morphism  from  Z  to  T 

We  say  a  Zum  machine  structure  W  is  a  Zum  machine  if  the  objects  of  Z  can 
be  represented  as  objects  of  A  and  the  computations  of  Z  can  be  CEirried  out  in  A. 
In  other  words,  is  a  Zum  machine  if  there  is  a  machine  morphism  from  ^  to  >1. 
To  show  that  T  is  a  Zum  machine  we  define  a  morphism  f  from  Z  to  T .  From 
the  requirements  for  morphisms  we  see  that  a  morphism  from  Z  is  determined  by 
its  action  on  forms  2md  continuations.  The  basis  of  the  definition  of  the  map  f  is 
a  map  X  from  forms  to  state-forms,  f  on  forms  is  defined  by 

('  =  A{c)f>. 

The  action  of  f  on  continuations  is  essentially  determined  by  t  and  the  strong  com¬ 
muting  requirement  for  stepping.  The  maps  J  on  forms  and  and  f  on  continuations 
are  defined  in  Figure  22. 

A  form  with  an  immediate  value  maps  to  c(f*’),  where  f"  is  a  value  instruction 
generating  the  corresponding  value.  [Recall  that  c  is  the  current  continuation 
symbol.]  For  example,  mt*  =  c(mt)  and  we  have 

'Y  V  mt  >—*t  7^0 

it  it 

(c(mt)  I  c 7^)  7^'d 

The  image  of  a  form  describing  a  composite  computation  is  let{c 
where  fj  is  the  image  of  the  form  describing  the  first  subcomputation  and 
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Mapping  forms  to  state-forms 
«*  =  c(«^)  mt*=c(mt) 

(A(s)fbody)^  —  c(A(s  >C)fbody^) 

(if  (fte8t)fthen>fel»e))^  —  l6t{C -4- lfi(fthen^  j  fel»e^)}ftest^ 

(app(ffun)farg))^  —  let{c  ■4-  3PPl(f»rg^)}ffun^ 

(cart(fih„frh«))*  =  let{c-«-cartl(frh.*)}fihs* 

(fst(f))*  =  let{c-«-fstc()}f* 

(rst(f))*  =  let{c  -4-  rstc()}f* 

(note(s)f)*  =  \et{a'^  A(«",c*)c(s’')}f* 

Mapping  continuations  to  cpfns 

Id^  =  I 

(70  (lfi(fthen,feUe)  I  =  (ifi(fthenSf«Ue^)  I  -4- Tf^}) 

(7®  <Appi(f»rg)  I  0)^  =  (aPPKfarg*)  I  ^^€-(-7^}) 

(7  O  Appc(i;fu„))^  =  (appcCsf")  I  Sf”  l;fun^  c  -e  7^) 

(70  (Carti(frh.)  I  =  (carti(frh.*)  I  ^Uc-^7^}) 

(70  Cartc(vih,))^  =  <cartc(«i')  I  si”  Vlh,^c-^-7^) 

(70  Fstc)^  =  (fstc()  I  c-<-7^> 

(70  Rstc)^  =  (rstc()  I  c-4-7^) 

where 

ifi(fi,f2)  =  A(«t’'e8t)(«t“8t,fi,f2)  X  Cst  not  free  in  (fi.fj) 

df 

appi(f)  =  A(sf’)let{c  appc(sf')}f  %  Sf  not  free  in  f 

df 

cartl(f)  =  A(«|*’)let{c -4- cartc(fii*')}f  X  8\  not  free  in  f 

df 

appcCs,")  =  A(si:)s,«'(s",c)  fstcQ  =  A(s‘’)c(fst(s‘')) 

df  df 

cartc«)  =  A(s")c[si",«”]  rstc()  =  A(«’')c(rst(s‘')) 

df  df 


Figure  22.  Definition  of  f  :  [J2  T] 
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is  a  continuation  segment  corresponding  to  the  context  for  the  begin  step  for  the 
composite  form.  For  example 

(3PP(ffun>farg))^  =  l6t{c appi(farg^)}ffun^ 

O  (Appi{farg)  I  0)^  =  (aPPi(farg*)  I  £Uc-<-7^» 

(7  o  Appc(t;fun))^  =  {appc(Sf®)  1  -e  t;fun^c^7^) 

where  appi  and  appc  are  derived  form  constructions  defined  in  Figure  22.  For 
app-states  we  have 

7  V  (app(ffun>farg)  I  C)  7®  {Appi(farg)  I  (ffun  I  0 

it  it 

(let{c  appi(farg*)}ffun*  I  7^}>  (ffun*  I  ^*{c  7rppi}> 

7rppi  =  (appi(farg*)  I  ^*{c-^7*})  =  (70  {Appi(farg)  I  ^»*. 

For  appi-states  we  have 

70  (Appi(farg)  I  0  ^  *^fun  7  ©  Appc(t>fun)  (farg  I  0 

it  it 

7rppi'vfun*  (farg*  I  ^*{c -e  7rppc}> 

where 

7jppc  =  (appc(sf’)  I  s"  «fun*,c^7*>  =  {70  Appc(t;fun))*. 


For  appc-states  such  that  Wfun '  Varg  is  well-formed  we  have 

70  Appc(Ufun)  ^  Varg 

^  ^  t^fun  ^  ^arg 

it 

it 

/vT  If,  t 

/appc  ’'arg 

(^fun  ^  t^arg)^ 

If  Vfun^Varg  is  well-formed  then  Ufun*  is  a  pfn,  with  a  value  argument  and  a 
continuation  argument  and 

(7appc  ^'arg)*  =  (^f*  (^a  >  I  *^arg*>  C 7*) 

((Vfun't;arg)'7^)*  =  Vfun* '(^arg*,  7^  *) 

If  Wfun'warg  is  not  well-formed  then  both  7  o  Appc(t;fun)  t^arg  and  (7rppc'warg)* 
hang. 
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■  Morphism  theorem.  It  follows  from  (i-iii)  that  t  is  a  morphism. 

(i)  is  a  state-form  for  each  f  and  ^Ms  a  T  continuation  for  each  7.  Hence  f 
defines  a  family  of  maps  from  R  objects  to  T  objects  of  the  correct  sort. 

(ii)  t  is  an  injection  of  JS-forms  into  T -state-forms  and  f  is  an  injection  of  R  into 
T. 

(iii)  t  commutes  with  stepping.  For  the  mt-  and  app-cases  this  follows  from  the 
diagrams  above  using  injectiveness  of  f-  The  remaining  cases  are  similar. 

VII.5.  Mapping  and  optimizing  Car 

Now  we  resume  work  in  the  global  S-expression  context  developed  in  §IV.5 
and  apply  the  morphism  t  to  the  pfn  Car.  Define 

>  PairUnD  ^  A{x,c)c(PairUn(x)) 

>  CarD  ^  A(x,c)let{c-<- A(y)c(fst(y))} 

let{c  A(f)let{c  A(z)f(z,  c)}c(x)} 
c(PairUnD) 


Then  we  have 

PairUn^  =  PairUnD  and  Car^  =  CarD 

[D  for  “dagger”].  The  naive  “compiling”  of  Car  makes  no  use  of  information  about 
the  global  context.  A  natural  definition  of  the  tree  machine  version  of  Car  is 

>  TmCar  ^  A{x,c)let{x-<- PairUn(x)}c(fst(x)) 

and  we  have  CarD  =  TmCar.  A  more  sophisticated  compiler  would  have  informa¬ 
tion  about  what  symbols  are  bound  to  data  operations  in  the  global  environment 
and  would  use  the  data  apply  instruction  rather  than  pfn  call  thus  producing 
something  closer  to  TmCar.  An  alternative  to  modifying  the  compiler  is  to  use 
program  transformations  to  optimize  the  results  of  naive  compiling.  For  example 
using  the  laws  of  §VI.2  we  can  derive  TmCar  from  CarD  as  follows. 
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(i)  let{c-<- A(f)let{c-<- A(z)f{z,c)}c(x)}c(PairUnD)  =  c(PairUn(x)) 

X  see  below 

(ii)  let{c-e  A(y)c(fst(y))}let{c-<- A(f)let{c-<-  A{z)f(z,c)}c(x)}c(PairUnD) 

=  let{c  A(y)c(fst(y))}c(PairUn(x)) 

X  abstraction  of  (i),  with  respect  to  c,  note  c  is  not  global,  and 

X  application  of  both  sides  to  A(y)c(fst(y)) 

(iii)  ^  let{y-<- PairUn(x)}c(fst(y)) 

X  let-elimination  in  ii.rhs 

(iv)  CarD  =  TmCar 

X  abstraction  of  (iii)  with  respect  to  (c,x),  using  c,x  non-global 

Equation  (i)  is  derived  by  a  sequence  of  let-eliminations  plus  unfolding  of  the 
PairUnD  definition. 

Iet{c A(f)let{c-<-  A(z)f(z,c)}c(x)}c(PairUnD) 

=  let{f PairUnD}let{c-<- A(z)f(z,  c))}c(x)  X  let-elimination 
=  let{c-<- A(z)PairUnD(z,c)}c(x)  X  let-elimination 
=  let{z-<-x}PairUnD(z,c)  X  let-elimination 
=  PairUnD(x,c)  X  let-elimination 
=  {A(x,c)c(PairUn(x))}(x,c)  X  [unfolding  PairUnD] 

=  c(PairUn(x))  X  let-elimination 

Note  that  the  let-elimination  of  step  (iii)  and  most  of  those  in  the  derivation  of  (i) 
are  instances  of 

let{so A(si)fi}so(fo)  —  let{si 
or  in  terms  of  application 


{A(so)so(fo)}(A(si)fi)  =  {A(5i)fi}fo- 
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VII.6.  Remarks  about  Zum  machine  structures  and  morphisms 

•  The  combination  of  program  transformations  and  machine  morphisms  in  Zum 
provides  tools  for  defining  compilers  and  proving  properties  of  compilers  in  a  world 
where  the  computation  domain  contains  computation  abstractions  such  as  pfns 
and  continuations.  In  this  context  one  can  study  and  relate  source  to  source, 
source  to  target,  and  target  to  target  transformations.  In  practice,  some  of  these 
transformations  will  be  integrated  into  the  compiler  and  some  will  be  applied 
before  and  after  compiling. 

•  The  notions  of  abstract  machine  structure  and  compiling  morphism  can  be 
compared  to  the  algebraic  view  of  structuring  compilers  (see  for  example  Morris 
[1973]  and  Thatcher,  Wagner,  and  Wright  [1980]).  Here  there  is  a  source  language 
Lo,  a  target  language  Li,  a  semantic  domain  Dq  for  Lq,  and  a  semantic  domain  Di 
for  Li.  A  compiler  is  a  map  7  from  Lq  to  Li,  a  semantics  for  Li  is  a  map  ipi  from 
Li  to  Di,  and  an  encoding  is  a  map  6  from  Dq  to  D\.  Compiler  correctness  with 
respect  to  the  semantics  and  encoding  maps  is  the  requirement  that  the  following 
diagram  commutes 

Lo  Li 

J.  ^0  i 

L>o  L>i 

that  is,  V’l  o  7  =  c  o  V'o-  hi  order  to  prevent  trivial  cases  such  as  Li  and  L>i  being 
one  point  algebras,  further  requirements  are  needed.  One  possibility  is  to  require 
that  the  encoding  morphism  be  injective. 

The  initial  algebra  view  is  that  Lo  is  an  initial  ^-algebra  for  some  signature 
Q.  Thus  the  compiler  7  is  uniquely  determined  by  defining  a  ^-algebra  structure 
on  Li  and  a  semantics  V'o  for  Lq  is  uniquely  determined  by  defining  a  ^-algebra 
structure  on  Dq.  The  specification  is  completed  by  defining  a  ^-algebra  structure 
on  D\  and  checking  that  that  V’l  and  e  are  ^-morphisms.  Then  V’l  o  7  =  c  o  0o 
since,  by  initiality,  there  a  unique  morphism  from  Lq  to  Di. 

By  definition,  there  is  a  machine  morphism  from  R  to  each  Hum  machine  A, 
and  this  morphism  is  determined  by  its  action  on  forms  and  continuations.  Thus 
Z  is  like  an  initial  object  and  form  and  continuation  constructions  determine  a 
‘signature’.  Defining  the  image  of  these  constructions  is  analogous  to  defining 
corresponding  constructions  in  the  target  machine  structure.  The  semantics  that 
is  preserved  is  the  structure  of  the  computations. 

•  The  tree  machine  T  and  morphism  f  constitute  a  normal  form  theorem  for 
Rum  (see  §1.5  for  a  discussion  of  normal  form  theorems).  For  most  computation 
theories,  a  normal  form  theorem  requires  the  ability  to  encode  descriptions  of 
computation  and  computation  states  in  the  underlying  data  structure.  In  Rum 
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this  capability  is  provided  by  the  uniform  abstraction  and  application  computation 
primitives.  This  is  a  stronger  normal  form  theorem  than  usually  given  in  the  sense 
that  the  transformation  to  normal  form  (the  morphism)  preserves  both  intensional 
and  extensional  meaning  of  descriptions. 

•  The  tree  machine  T  and  morphism  f  provides  a  formal  connection  between 
explicit  continuations  (continuation  pfns  as  an  additional  argument)  and  implicit 
continuations  (continuations  as  a  component  of  the  computation  state). 

•  Similar  transformations  to  a  sequential  fragment  of  an  AE-like  language  have 
been  used  by  Fischer  [1972]  to  analyze  the  limitations  of  a  stack  based  implemen¬ 
tation  of  closures  and  by  Steele  [1978]  in  a  compiler  for  Scheme.  Fischer  essentially 
ignored  computations  that  returned  functions  as  values.  Steele’s  treatment  is  very 
informal. 
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Chapter  VIIL  Review  and  concluding  remarks 


This  chapter  contains  an  assortment  of  concluding  remarks.  In  §1  the  main 
achievements  of  the  work  in  Rum  are  reviewed.  We  summarize  the  features  and 
what  they  provide  as  tools  for  reasoning  about  computation,  and  point  out  the 
main  new  ideas  and  results.  In  §2  we  make  some  further  remarks  about  our 
choice  of  basic  notions.  The  presentation  of  Rum  has  been  liberally  sprinkled  with 
remarks  about  relevant  related  work.  However  there  are  some  additional  points  to 
be  made.  This  is  done  in  §3.  In  §4  we  conclude  with  some  discussion  of  applications 
and  extensions  of  Rum  and  of  future  directions  of  work. 


VIII.l.  Review 


VIII.1.1.  What  we  can  do 

A  variety  of  sorts  of  objects  and  a  mixture  of  syntactic  and  semantic  notions 
have  been  introduced  in  Rum  in  order  to  express  naturally  different  aspects  of 
computation.  Forms  aire  the  basic  syntactic  entities.  The  semantic  entities  include 
environments,  dtrees,  pfns,  computation  stages,  continuations,  and  states. 

Interpretations  of  forms 

Forms  constitute  a  primitive  programming  language.  The  work  in  Rum  pro¬ 
vides  a  variety  of  interpretations  of  forms  accounting  for  the  different  views  of 
symbolic  expressions  that  occur  in  practice  and  including  several  traditional  types 
of  semantics  such  as  operational  and  denotational  semantics,  as  well  as  an  inten- 
sional  semantics.  In  particular,  we  have 

■  Forms  and  semantic  entities  as  data  to  be  operated  on  -  the  underlying  alge¬ 
braic  structure  provides  an  interpretation  of  forms  and  objects  of  the  semantic 
domains  as  data  structures.  The  operations  and  relations  defined  (excluding 
comparison  relations)  are  Rum  computable  functions  on  these  data  structures. 

■  Forms  as  descriptions  of  computation  -  viewing  computation  as  a  process  of 
generating  computation  structures  such  as  computation  trees  or  sequences 
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of  computation  states  allows  us  to  represent  properties  of  computations  de¬ 
scribed  by  forms  as  properties  of  computation  structures  and  to  relate  op¬ 
erations  on  descriptions  to  operations  on  the  described  computations.  This 
provides  an  intensional  semantics. 

.  Operational  semantics  -  the  evaluation  relation  provides  an  operational  se¬ 
mantics  -  a  means  of  determining  the  value  denoted  by  a  form  relative  to  an 
interpretation  of  free  symbols  in  the  computation  domain. 

•  Denotational  semantics  -  the  maximum  equivalence  =  provides  a  denotation 
of  forms  f  as  a  partial  function  |fj  from  environments  to  the  computation 
domain  modulo  =. 

(denote)  |fl(£)  [v\^  (3u  =  u)((f  1  ^ 

In  other  words,  we  have  an  interpretation  of  pfns  as  partial  functions  on 
computation  domain  modulo  =  . 

(fun)  {^}£;([t;Js;)  [ujsi  =  (3uo  =  u){(p' v  uo) 

df 

•  Towards  a  Zum  calculus  -  the  maximum  equivalence  contains  the  equations 
of  a  Zum  calculus  expressed  in  the  language  of  forms.  This  calculus  contains 
the  laws  of  the  call-by-value  lambda  calculus  (Plotkin  [1975])  and  additional 
laws  for  if,  mt,  cart,  fst,  and  rst.  Using  the  improved  recursion  theorem  we 
also  have  a  call-by-value  analog  of  the  equational  theory  for  LAMBDA  (Scott 
[1976])  which  contains  many  equations  not  provable  in  the  lambda  calculus. 

Representation  of  programming  tools  and  styles 

Abstraction  (pfn  formation  and  continuation  noting),  application,  and  se¬ 
quence  primitives  allow  us  to  represent  naturally  a  variety  of  programming  styles 
and  computation  mechanisms.  We  have  shown  how  to  represent  control  and  data 
abstraction  mechanisms  including  systems  of  recursively  defined  functions,  both 
first  order  and  higher  order;  sequence  recursion  schemes;  streams;  tree-structured 
objects  and  tree  search  schemes;  escape  mechanisms;  and  co-routines.  We  have 
even  illustrated  how  to  program  viewing  Zum  as  a  machine  language. 

Proving  properties  of  programs 

The  recursion  theorem  and  computation  induction  allow  traditional  first  or¬ 
der  verification  methods  to  be  represented  and  used  in  Zum.  These  include  as¬ 
sertion  methods  for  flowchart  or  loop  programs  (Manna  [1969],  [1978]);  struc¬ 
tural  induction  for  computations  over  the  S-expressions  (Burstall  [1969],  Boyer- 
Moore[1979]);  subgoal  induction  (Morris  and  Wegbreit  [1976]);  recursion  induc¬ 
tion  (McCarthy[l963b]);  and  McCarthy’s  minimization  scheme  (McCarthy  and 
Cartwright  [1979]).  The  improved  recursion  theorem  allows  a  version  of  Scott’s 
fixed  point  induction  to  be  represented  in  Zum. 
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VIII.1.2.  What  is  new 

•  The  reduces-to  relation.  The  reduces-to  relation  (§rV’.2)  identifies  subcom¬ 
putations  which  can  simply  replace  the  parent  computation  rather  than  returning 
a  value  to  it.  This  relates  to  features  of  the  continuation-passing  style  (see  §1.4) 
such  as  not  returning  a  value,  and  computation  with  no  buildup  of  external  state. 
The  reduces-to  relation  also  plays  a  key  role  in  defining  machine  structures  on 
t-Rum. 

•  Context  insensitivity  for  sequential  computation.  The  dtree  classifi¬ 
cation  theorem  (§V.3)  says  that  even  computations  using  context  switching  have 
useful  structure.  This  will  be  an  important  tool  in  further  investigations  of  equa¬ 
tions  satisfied  by  forms  and  dtrees  in  s-Rum. 

•  Context  independence  for  sequential  computation.  The  extension  of 
computation  relations  of  t-Rum  such  as  evaluation,  reduces-to,  and  ctree  equiv¬ 
alence  to  descriptions  of  sequential  computation  (§V.3)  provides  tools  for  encap¬ 
sulating  context  dependence  and  reasoning  about  programs  as  though  they  de¬ 
scribed  tree-structured  computation  except  when  looking  inside  a  computation 
that  involves  context  noting  and  switching. 

•  Comparison  relations.  The  notion  of  comparison  relation  (Chapter  VI) 
seems  not  to  have  been  formulated  previously.  In  addition  to  allowing  us  to  account 
for  important  aspects  of  extensional  model’s  of  the  lambda  calculus  such  as  the 
graph  model,  there  axe  some  new  ideas. 

•  using  the  notion  of  comparison  relation,  extent  is  derived  naturally  from  intent 

•  the  rich  hierarchy  of  comparisons  provides  a  variety  of  denotations  for  forms, 
dtrees,  and  pfns 

■  the  pfn  extension  theorem  (§VI.3)  and  the  dtree  extension  theorem  (§VI.4) 
provide  tools  for  constructing  and  proving  properties  of  comparisons. 

•  the  notion  of  recursion  pfn  and  the  improved  recursion  theorem  (§VI.2)  pro¬ 
vide  a  connection  between  the  computational  characterization  of  recursion 
found  in  computation  theories  and  the  topological,  extensional  characteriza¬ 
tion  of  recursion  given  by  the  least  fixed  point  theorem  for  the  graph  model 
(see  §1.5). 

•  Foundations  for  a  theory  of  program  transformations.  The  inter¬ 
pretation  of  forms  as  descriptions  of  computation  together  with  the  hierarchy  of 
denotations  for  forms  based  on  comparison  relations  provides  both  meanings  to 
preserve  and  meanings  to  transform.  Thus  we  have  a  semantic  foundation  for  a 
rich  theory  of  program  transformations.  In  addition,  transformations  involving 
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non-trivial  majiipulation  of  pfns  and  continuations  can  be  treated.  This  was  illus¬ 
trated  by  the  derivations  of  defining  equations  for  Tprodl  and  Tprod2  (§11.3)  and 
by  the  derivation  of  alternative  descriptions  of  parameterized  recursion  (§VI.2). 

•  Machine  structures  and  compiling  morphisms.  The  notions  of  Zum 
machine  structure  and  morphism  (Chapter  VII)  are  a  step  towards  developing  an 
abstract  notion  of  the  machine  underlying  the  kum  model  of  computation.  Com¬ 
bined  with  program  trzmsformations,  machines  and  morphisms  provide  a  paradigm 
for  defining  and  proving  properties  of  compilers.  What  is  new  here  is  (i)  the  idea 
that  the  structure  being  preserved  is  the  computation  structure  and  (ii)  in  JSum  one 
can  express  both  properties  preserved  by  program  transformations  and  properties 
transformed.  The  representation  of  abstract  machines  in  i-kum  (§VII.2)  allows  us 
to  apply  the  tools  developed  for  studying  computation  in  t-.^um  to  problems  of 
operating  on  and  proving  properties  of  machine  programs.  In  addition,  the  kum 
machine  morphism  defined  in  §VII.3  gives  a  formal  connection  between  continua¬ 
tions  as  pfns  and  continuations  as  computation  contexts. 

•  Programming  and  proving  with  functional  and  control  abstractions. 
We  have  defined  and  proved  correct  several  pfns  describing  computations  not  han¬ 
dled  by  traditional  verification  methods. 

■  using  continuation  pfns  for  backtracking  -  the  pattern  matcher  (Appendix  B) 

■  using  continuations  for  escaping  -  tree  product  examples  (§11.2)  and  DoUntil 
(§V.4) 

•  using  continuations  for  co-routining  -  transforming  a  sequence  of  3-element 
strings  to  a  sequence  of  2-element  strings  (§V.5) 

We  have  given  definitions  of  some  informal  concepts  such  as  streams  (§IV.6)  and 
co-routines  (§V.5)  and  have  begun  development  of  the  mathematical  theory  of 
these  objects.  Pfnls  were  used  to  describe  operations  on  streams  (§IV.6)  and  to 
describe  strategies  for  searching  tree  structures  (Appendix  B).  General  properties 
of  such  pfnls  were  proved  and  used  to  prove  properties  of  pfns  constructed  from 
these  pfnls. 

•  Derived  properties  and  programs.  In  Appendix  B  we  define  a  class  of 
properties  of  computation  trees  called  derived  properties  and  a  derivation  map  on 
forms  and  other  objects  of  kum.  We  show  that  the  derivation  of  a  form  computes 
the  derived  property  of  the  computation  tree  described  by  the  given  form.  In 
general,  derivations  provide  a  means  of  identifying  classes  of  intensional  proper¬ 
ties  of  computations.  Derivation  maps  provide  a  method  with  a  sound  semantic 
basis  for  mechanical  transformation  of  intensional  properties  to  extensional  prop¬ 
erties.  Thus  we  may  use  the  same  basic  tools  and  principles  for  reasoning  about 
both  aspects  of  programs.  In  particular,  derivation  maps  can  be  a  useful  tool  for 
extending  program  transformation  systems  such  as  [Scherlis  1980].  Derivations 
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can  also  be  used  to  extend  mechanical  theorem  provers  such  as  the  Boyer-Moore 
theorem  prover  [Boyer  and  Moore  1979]  to  treat  intensional  as  well  as  extensional 
properties  of  programs. 


VIII.2.  About  the  choice  of  basic  notions 

Now  that  we  have  seen  something  of  what  can  be  done  in  Zum,  we  take 
another  look  at  some  of  choice  of  basic  notions. 

Why  type-free  application  and  abstraction  as  computation  primitives? 

Briefly,  the  reason  is  that  type-free  application  and  abstraction  are  simple, 
natural,  and  quite  general  primitives  for  expressing  a  wide  variety  of  computation 
mechanisms.  One  disadvantage  of  such  generality  is  that  the  fewer  restrictions  that 
are  imposed  the  less  you  can  say  about  the  system.  On  the  other  hand  there  is 
no  limit  on  the  structured  fragments  that  can  be  identified  and  studied  within  the 
general  untyped  framework.  A  further  advantage  is  the  ability  to  piece  together 
substructures  and  diverse  results  smoothly,  within  a  single  framework.  This  is 
important  because  in  the  long  run  we  want  a  framework  suitable  for  mechanization 
and  a  general  language  for  discussing  computing  with  computers. 

The  work  of  Landin  and  programming  examples  of  Burstall,  Burge,  Sussman 
and  Steel,  Sussman  and  Abelson,  and  Friedman  et.  al.  demonstrates  the  power 
of  AE  as  a  programming  language  and  language  development  tool.  The  work 
in  semantics  demonstrates  the  power  of  AE  as  a  meta  programming  language 
capable  of  defining  a  wide  variety  of  computation  mechanisms.  This  provides  a 
strong  argument  for  AE  as  the  basis  of  a  theory  of  symbolic  computation. 

Why  have  sequences  as  arguments  and  values? 

Two  important  reasons  for  taking  both  arguments  and  values  to  be  sequences 
from  the  computation  domain  axe  simplicity  and  increased  expressiveness.  Hav¬ 
ing  sequences  built  in  as  part  of  the  basic  computation  primitives  means  that  we 
have  the  simplicity  of  needing  only  a  single  binary  application  operation,  while 
at  the  same  time  pfns  are  vari-ary  with  respect  to  arguments  and  values.  This 
provides  a  natural  means  of  expressing  message-passing  style  computation  where 
the  argument  type  depends  on  the  message  type  (the  first  element  of  the  argument 
sequence).  Among  the  examples  presented  in  this  thesis,  sequences  as  values  were 
used  in  formulating  the  notion  of  stream  and  in  derived  descriptions  which  return 
the  value  of  derived  property  together  with  the  result  of  the  original  computa¬ 
tion.  From  an  operational  point  of  view,  the  addition  of  sequence  primitives  is 
like  providing  the  programmer  with  primitives  for  accessing  and  manipulating  the 
argument  stack  component  of  the  computation  state.  In  addition,  the  sequence 
primitives  allow  a  natural  formulation  of  bounded  iteration  and  other  sequence 
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recursion  schemes  independent  of  the  underlying  data  structure.  Sequence  primi¬ 
tives  don’t  add  to  the  recursion-theoretic  power.  If  both  sequence  primitives  and 
conditional  are  omitted  from  Rum  we  still  have  a  call-by-value  lambda  calculus. 
In  particular  the  partial  recursive  number-theoretic  functions  are  representable  in 
this  fragment. 

Why  have  pfns  distinct  from  data? 

More  generally,  why  have  forms,  environments,  dtrees,  continuations,  etc. 
distinct  from  data?  The  point  is  to  obtain  a  balance  of  intensionality  and  exten- 
sionality  and  to  study  computation  structures  and  data  structures  separately.  To 
repeat  the  point  made  in  §1.6,  this  is  essential  if  a  theory  is  to  admit  meaningful 
operations  such  as  program  optimizations,  compiling  and  derivations  converting 
intensional  properties  of  one  program  into  extensional  properties  of  another.  Intu¬ 
itively  the  balance  of  intensionality  and  extensionality  obtained  in  Rum  is  captured 
by  the  following  points. 

-  From  within  a  computation,  pfns  are  extensional.  A  pfn  can  only  be  pzissed 
around,  put  into  environments,  or  applied.  Two  pfns  can  be  distinguished  by 
another  pfn  only  if  application  to  some  argument  results  in  value  sequences 
of  different  length  or  containing  different  corresponding  data  elements. 

■  From  without,  pfns  have  structure  and  computational  content.  They  can  be 
constructed,  taken  apart,  and  transformed.  A  pfn  together  with  an  argument 
describes  how  the  computation  of  the  denoted  value  is  to  be  carried  out. 

Comparison  to  logical  notions.  The  treatment  of  computation  separately 
from  data  is  similar  to  the  formulation  of  first  order  logic  in  contrast  to  a  particular 
first  order  theory  such  as  Peano  arithmetic.  Computation  primitives  play  the  role 
of  logical  connectives.  Data  and  data  operations  play  the  role  of  individual  and 
function  constants.  An  important  distinction  between  first  order  logic  and  Peano 
arithmetic  is  that  the  meaning  of  successor  is  determined  by  its  interpretation  in 
the  model  of  natural  numbers  while  the  meaning  of  logical  connectives  such  as  A 
or  3  is  determined  by  the  notion  of  satisfaction  which  is  uniformly  parameterized 
by  the  interpretation  of  non-logical  symbols  in  a  given  model. 

The  evaluation  relation  provides  a  semantics  for  the  form  constructions  in 
much  the  same  way  that  the  notion  of  satisfaction  provides  a  semantics  for  logical 
operations.  Thus  we  might  write 


C  |=f  y 
for 

(f  u>  ^  V- 
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A  more  general  notion  of  satisfaction  is  obtained  by  thinking  of  forms  as  terms 
a  language  for  expressing  properties  of  the  computation  domain  with  relation 
symbols  denoting  dtree  relations.  For  any  set  of  environments  Ey  and  any  dtree 
property  $  define 

=  (Ve€£)4((fo  I  I  0) 

di 

As  in  a  logical  system,  having  the  interpretation  of  expressions  uniformly  param¬ 
eterized  by  the  given  data  structure  means  that  we  have  a  uniform  method  for 
combining  the  theory  of  computation  primitives  with  that  of  a  given  data  struc¬ 
ture  to  obtain  a  theory  of  computation  over  the  given  structure.  For  example,  we 
have  Peano  arithmetic  -  a  first  order  theory  over  natural  numbers  and 
-  a  computation  theory  over  S-expressions. 

Why  environments  rather  than  substitution? 

Forms  and  environments  correspond  to  important  local  components  of  com¬ 
putation  states.  This  representation  of  descriptions  of  computation  allows  uni¬ 
form  separation  of  syntax  and  semantics  and  of  control  and  data.  It  also  reflects 
practice.  Forms  and  environments  have  independent  existence  as  concepts  in  spec¬ 
ifying,  building,  and  extending  programming  systems.  The  separation  is  crucial 
when  Zum  is  extended  to  a  model  of  computation  in  which  there  are  objects  with 
internal  state.  It  is  the  environment  component  of  a  pfn  that  has  internal  state. 
Forms  remain  purely  static  syntactic  entities. 

Why  formulate  two  computation  processes? 

The  advantage  of  a  language  describing  tree-structured  computations  is  that 
functional  abstreictions  (pfns)  can  be  viewed  as  functions.  Rich  equational  theories 
for  such  languages  exist  and  ordinary  means  of  reasoning  about  partial  functions 
can  be  used.  The  value  of  an  expression  depends  only  on  the  value  of  (immediate) 
subexpressions,  and  general  laws  for  substitution  hold. 

The  disadvantage  is  the  complexity  of  the  code  needed  to  describe  certain  com¬ 
putation  mechanisms  which  are  inherently  context  dependent.  Recall  for  example 
the  difference  for  such  simple  programs  as  the  tree  product  examples  (Chapter  II). 
If  limited  to  tree-structured  computation  primitives,  the  programmer  must  di¬ 
rectly  represent  and  manage  the  computation  state.  This  is  not  only  unpleasant, 
but  unreliable. 

The  introduction  of  control  abstractions  provides  the  best  of  both  worlds 
from  a  programming  point  of  view.  Using  the  context  insensitivity  and  context 
independence  results  for  sequential  computations  we  see  that  we  only  have  to  pay 
the  price  (in  complexity  of  reasoning  about  programs)  for  control  abstractions 
when  we  are  really  using  them. 
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The  functional  interpretation  of  pfns  describing  context  dependent  computa¬ 
tions  can  be  recovered  in  a  number  of  ways.  The  basic  idea  (due  to  Morris  and 
Wadsworth)  is  to  provide  continuations  as  part  of  the  semantic  domain.  To  re¬ 
cover  directly  the  functional  interpretation,  imagine  that  forms  have  an  unnamed 
continuation  parameter  which  is  carried  along  during  the  process  of  computation. 
Each  pfn  is  assumed  to  have  an  additional  unnamed  continuation  argument  and 
the  current  continuation  is  supplied  along  with  the  named  argument  when  a  pfn  is 
applied.  This  is  essentially  the  s-^um  interpretation.  The  machine  morphism  from 
the  s-Rum  to  t-Rum  provides  an  alternative  means  of  recovering  the  functional  in¬ 
terpretation.  By  the  definition  of  morphism  these  two  methods  are  isomorphic. 


VIII.3.  Other  work 


VIII.3.1.  Combining  and  contrasting  types  of  semantics 

A  key  feature  of  Rum  is  the  mainy  views  (types  of  semantics)  provided  for 
forms.  Here  we  will  point  out  other  work  in  which  alternative  types  of  semantics 
are  defined  and  used.  For  this  purpose  we  focus  on  tree-structured  computation 
and  consider  four  types  of  semantics  which  we  refer  to  as  intensional,  operational, 
equational  and  denotational.  An  intensional  semantics  interprets  programs  as  de¬ 
scriptions  of  computation  and  provides  a  basis  for  representing  properties  of  these 
computations.  In  Rum  the  intensional  semantics  is  derived  from  the  interpretation 
of  dtrees  by  rules  for  generating  computation  structures.  An  operational  seman¬ 
tics  assigns  to  each  program  the  value  in  the  computation  domain  computed  by 
the  program,  if  any.  Nothing  is  said  about  how  the  value  is  computed.  In  Rum 
the  operational  semantics  is  derived  from  the  evaluation  relation.  An  equational 
semantics  provides  axioms  and  rules  for  deducing  equations  between  expressions 
of  the  language.  This  form  of  semantics  is  not  yet  well  developed  in  Rum,  but  will 
consist  of  axioms  emd  rules  characterizing  fragments  of  the  maximum  equivalence 
relation.  A  denotational  semantics  provides  a  semantic  domain  (a  mathemati¬ 
cal  structure)  and  assigns  to  each  program  (more  generally  to  each  component 
expression)  a  denotation  in  the  semamtic  domain.  Denotations  of  composite  ex¬ 
pressions  are  functions  of  the  denotations  of  component  expressions.  In  Rum  the 
denotational  semantics  of  forms  is  obtained  by  interpreting  the  evaluation  relation 
modulo  the  maximum  equivalence.^ 


^  We  use  the  term  denotational  ais  that  is  the  term  used  in  the  work  discussed.  A  better 
term  would  be  extensional,  since  the  distinguishing  feature  of  the  denotations  in  each 
caise  is  the  extensionality  of  higher  type  objects  in  the  semantic  domains. 
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We  have  already  discussed  work  relating  operational  semantics  of  AE  to  an 
v:^i^ational  semantics  provided  by  a  call-by-value  lambda-calculus  (Plotkin  [1975]). 
Other  works  of  relevance  axe  Gordon  [1975]  treating  operational  and  denotational 
semantics  of  Lisp;  Plotkin  [1977]  treating  operational  and  denotational  seman¬ 
tics  of  a  typed  variant  of  AE;  and  Moschovakis  [1984]  treating  intensional  and 
denotational  semantics  of  systems  of  recursive  definitions. 

Operational  and  denotational  reasoning  for  Lisp.  Gordon  [1975]  gives 
both  operational  and  denotational  semantics  of  pure  Lisp  (with  dynamic  binding). 
The  two  semantics  are  shown  to  be  equivalent  in  the  sense  that  for  any  Lisp 
expression  and  environment  both  semantics  determine  the  same  S-expression  value 
or  both  determine  that  the  value  is  undefined.  Gordon’s  reason  for  defining  the 
operational  semantics  was  to  provide  additional  tools  for  proving  properties  of 
programs  which  reflect  reasoning  based  on  operational  intuitions.  The  equivalence 
of  the  two  semantics  allows  one  to  use  the  semantics  best  suited  for  each  given 
problem.  The  operational  semantics  is  based  on  a  reduction  (step)  relation  on 
S-expressions  coding  Lisp  expression  -  environment  pairs.  From  this  is  derived  a 
subcomputation  relation  and  a  Lisp  induction  principle  similar  to  the  notions  of 
subcomputation  and  computation  induction  in  Rum.  These  are  the  basic  tools  for 
operational  reasoning.  The  denotational  semantics  provides  denotations  of  Lisp 
expressions  in  a  complete  partial  order  using  Scott-Strachey  methods. 

Operational  and  denotational  equivalence  in  LCF.  Plotkin  [1977]  gives 
operational  and  denotational  semantics  for  a  simple  programming  language  based 
on  LCF  (a  logic  for  a  typed  fragment  of  AE  -  see  Gordon  et.  al.  [1979])  and  com¬ 
pares  notions  of  operational  and  denotational  equivalence.  Programs  are  ground 
terms  of  LCF,  which  may  of  course  involve  higher  type  sub  terms.  An  evaluator 
for  programs  is  defined  and  denotations  are  assigned  in  a  standard  LCF  model  (a 
typed  family  of  c.p.o.s)  and  two  extensions  of  this  model.  The  operational  and 
denotational  semantics  agree  in  the  sense  that  they  assign  the  same  value  to  closed 
ground  terms.  However,  natural  notions  of  equivalence  on  programs  derived  from 
the  two  types  of  semantics  turn  out  to  be  different.  Two  terms  (of  the  same  type) 
are  denotationally  equivalent  if  they  have  the  same  denotation  in  all  environments. 
Two  terms  are  operationally  equivalent  if  one  may  be  substituted  for  the  other  in 
any  program  context  without  changing  the  denotation  of  the  program  (see  discus¬ 
sion  of  Plotkin  [1975]  in  §1.4).  The  main  results  are  (i)  denotational  equivalence 
implies  operational  equivalence,  (ii)  operational  equivalence  does  not  imply  deno¬ 
tational  equivalence,  and  (iii)  the  language  can  be  extended  by  adding  a  parallel 
construct  so  that  denotational  and  operational  equivalence  coincide.  This  provides 
an  interesting  analysis  of  the  two  notions  of  equivalence  and  illustrates  the  use  of 
denotational  semantics  to  discover  additional  computation  primitives. 

The  semantic  domains  used  for  the  denotations  all  have  the  property  that 
they  are  generated  from  ground  domains  by  taking  domains  of  type  r  to  be 


§vin.3 


Other  work 


195 


the  domain  of  all  continuous  functions  from  the  domain  of  type  a  to  the  domain 
of  type  T.  It  is  suggested  that  by  choosing  a  suitably  restricted  set  of  functions 
for  domains  of  type  o  — ^  r  one  might  obtain  a  denotational  semantics  such  that 
denotational  and  operational  equivalence  are  the  same  for  the  original  language. 
The  problem  of  finding  such  domains  is  left  open. 

Foundations  for  a  theory  of  algorithms.  Moschovakis  [1984]  is  a  study 
of  the  notion  of  algorithm.  The  basic  questions  are:  What  sort  of  mathematical 
object  is  an  algorithm?  How  are  they  defined  and  constructed? 

The  proposed  answers  are  based  on  the  idea  of  interpreting  (descriptions  of) 
certain  systems  of  functionals  over  a  given  abstract  structure  as  rules  for  computing 
the  least  fixed  point  of  the  system.  These  systems  of  functionals  (currently  called 
recursors)  are  proposed  as  the  mathematical  objects  representing  algorithms.  The 
given  abstract  structures  consist  of  a  many  sorted  domain  of  individuals  and  a 
set  of  functionals  acting  on  tuples  consisting  of  individuals  and  partial  functions 
on  cartesian  product  spaces  of  individuals.  The  given  functionals  are  taken  as 
primitive  recursors,  i.e.  as  computation  primitives. 

A  language  is  defined  for  describing  algorithms.  Individual  terms  are  built 
from  constants  for  given  data  and  functionals,  variables  for  individuals,  and  partial 
function  terms  by  constructions  including  application,  tupling,  projections,  and 
recursion.  Partial  function  terms  are  partial  function  variables  or  terms  formed 
by  lambda  abstraction  from  individual  terms.  Terms  of  the  language  are  assigned 
both  a  denotation,  a  computable  functional;  and  an  intension,  a  recursor.  Of 
course  the  intension  viewed  as  a  functional  is  the  same  as  the  denotation. 

The  main  properties  of  algorithms,  other  than  the  functional  computed,  seem 
to  be  (i)  resources  used  from  the  underlying  structure  and  (ii)  the  stage  of  com¬ 
pletion  -  a  measure  of  the  time  taken  to  carry  out  the  computation.  In  contrast 
to  the  intensional  semantics  provided  by  Rum  the  notion  of  algorithm  does  not  ac¬ 
count  directly  for  structures  generated  in  the  process  of  computation  or  resources 
required  to  carry  out  the  computation  -  such  as  stack.  Such  properties  can  be  ac¬ 
counted  for  by  transformations  of  control  into  data,  i.e.  by  transforms,  such  as  the 
compiling  morphisms  of  Rum,  to  a  subclass  of  programs  where  control  resources 
are  explicitly  represented  in  the  programs.  Alternatively,  by  extending  the  given 
abstract  structure  to  include  data  representing  computation  structures,  one  can 
take  the  algorithm  described  by  a  program  to  be  an  evaluation  function  together 
with  the  code  for  the  prograun. 

The  notion  of  algorithm  seems  to  capture  a  useful  degree  of  intensionality. 
Some  interesting  questions  to  be  answered  are:  What  are  useful  equivalence  rela¬ 
tions  for  algorithms?  What  transformations  preserve  a  given  equivalence?  Several 
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equivalence  relations  have  been  defined  and  studied.  The  basic  ide2is  are  outlined 

•  Algorithmic  equivalence  -  two  terms  are  algorithmically  equivalent  if  they 
differ  by  a  permutation  of  the  variables. 

-  Value  equivalence  -  two  terms  are  value  equivalent  if  in  all  structures  they  are 
assigned  the  same  functional. 

•  Resource  equivalence  -  two  terms  are  resource  equivalent  if  the  intension  of 
each  term  uses  the  same  resources  for  computation  in  any  structure. 

■  Resource  and  stage  equivalence  -  two  terms  are  resource  and  stage  equivalent 
if  the  intension  of  each  term  uses  the  same  resources  for  computation  in  any 
structure  and  computation  is  completed  at  the  same  stage  in  any  structure. 

Algorithmic  equivalence  serves  the  same  purpose  as  the  equivalence  on  form  - 
environment  pairs  induced  by  closure  dtree  formation  in  Zum.  Value  equivalence  is 
simil2Lr  to  the  equivalence  relation  on  forms  obtained  by  requiring  ^-equivalence  for 
all  data  structures.  An  interesting  question  is  whether  any  of  the  Rum  comparison 
relations  capture  notions  of  equivalence  such  as  stage  or  resource  equivalence. 

VIII.3.2.  General  semantic  methods 

The  work  presented  in  this  thesis  treats  a  particular  collection  of  computation 
primitives  zind  structures  for  representing  computation.  The  constructions  of  ob¬ 
jects  and  definitions  of  relations  are  for  the  most  part  uniformly  determined  from 
rules  corresponding  the  computation  primitives.  Thus  there  are  some  quite  gen¬ 
eral  principles  underlying  the  presentation  of  Rum.  In  §1.5  we  mentioned  briefly 
the  Scott-Strachey  methods  based  on  solving  domain  and  semantic  equations  in 
the  category  of  complete  partial  orders.  Below  we  discuss  some  additional  related 
work  focusing  on  general  methods  in  program  semantics. 

Axiomatic  Operational  Semantics.  Plotkin  [1981]  proposes  axiomatic  pre¬ 
sentation  of  operational  rules  for  program  language  constructs  and  evaluation 
mechanisms  as  a  general  methodology  and  give  examples  for  a  variety  of  con¬ 
structs.  Functional  abstractions  are  treated  briefly,  as  arguments  but  not  as  values. 
Control  abstractions  are  not  treated. 

Syntactic  entities  are  given  by  a  special  form  of  inductive  generation  with 
corresponding  principles  of  definition  and  proof  by  induction.  The  axioms  for  op¬ 
erational  rules  provide  deduction  systems  for  both  static  and  dynamic  operational 


*  These  relations  and  results  on  decidability  and  other  logical  matters  were  presented  in 
a  series  of  lectures  given  at  the  CSLI  workshop,  Stanford,  July  1985. 
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semantics.  Static  operational  semantics  include  typing  and  operations  on  expres¬ 
sions  such  as  computing  the  set  of  bound  or  free  variables.  Dynamic  operational 
semantics  provides  an  evaluation  relation.  The  advantage  of  such  a  presentation  by 
separate  rules  for  each  construct  is  that  new  constructs  can  be  defined  by  adding 
new  rules  generally  without  modification  of  rules  for  existing  constructs  (assum¬ 
ing  the  new  constructs  can  be  represented  using  the  same  underlying  computation 
structures) . 

The  method  of  presentation  is  very  similar  to  that  of  Zum.  The  difference  is 
that  Plotkin  deals  with  operational  semantics  in  general  while  Zum  focuses  on  a 
particular  system  and  develops  many  aspects  of  this  system,  including  a  variety 
of  semantic  notions. 

Abstract  Semantic  Actions.  Mosses  [1982]  proposes  semantic  entities  called 
actions  as  the  interpretation  of  programs.  The  basic  ideas  are  illustrated  by  the 
presentation  of  an  initial  algebra  generated  from  basic  actions  and  operations 
constructing  actions,  together  with  axioms  for  equality  of  actions.  Actions  have 
several  liirgely  independent  facets:  they  consume  and  produce  values;  they  create 
and  use  bindings;  they  create,  access  and  update  store.  The  notion  of  facets 
captures  in  an  elegant  way  the  independence  of  various  aspects  of  computation 
and  should  be  important  in  providing  useful  tools  for  reasoning  about  actions. 

Actions  have  rich  expressive  power,  although  it  seems  to  require  some  work 
to  develop  intuitions  about  properties  of  actions.  The  example  presented  accounts 
for  application  and  closure  formation,  including  both  static  and  dynamic  binding. 
Mosses  [1984]  shows  how  mechanism  such  as  non-local  goto,  labels,  etc.  can  be 
treated  using  escape  and  trapping  actions. 

This  basic  approach  has  been  used  to  give  semantics  to  simple  example  lan¬ 
guages  and  for  compiler  correctness.  Work  is  in  progress  on  a  semantics  for  Pascal 
[Mosses  and  Watt  1985].  It  will  be  interesting  to  see  further  development  of  math¬ 
ematical  properties  of  actions  and  how  they  can  be  used  to  study  properties  of 
programs  zmd  operations  on  programs. 

Remark.  Neither  of  the  above  approaches  treat  the  intensional  aspects  of 
programs,  nor  are  they  applied  to  provide  tools  to  prove  properties  of  particular 
programs. 


VIII. 3. 3.  Alternative  languages  and  models  of  computation 

An  important  alternative  to  the  Zum  approach  and  to  functional  program¬ 
ming  in  general  is  the  work  in  logic  programming  (see  for  example  Lloyd  [1984]). 
Separation  of  computation  control  and  data  is  also  an  important  underlying  prin¬ 
ciple  of  logic  programming.  In  the  simplest  case  there  is  little  or  no  control  pre¬ 
scribed  by  the  programmer.  Programs  are  just  axioms  about  the  data  structure 
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■’  are  to  be  used  to  answer  queries  and  control  is  implicit  in  the  deduction 
"icchanism.  A  key  tool  in  the  process  of  finding  answers  to  queries  is  the  use 
of  unification  as  a  variable  binding  mechanism.  A  variety  of  ideas  for  expressing 
control  over  the  search  for  answers  have  been  explored.  We  will  not  attempt  to 
discuss  them  here.  Prolog  (see  Clocksin  and  Mellish  [1984])  is  the  best  known  ex¬ 
ample  of  a  logic  programming  system.  More  relevant  to  the  work  in  Rum  is  recent 
work  on  a  language  called  Qute  (Sato  and  Sakauri  [1984]).  Qute  is  derived  from 
the  Lisp  and  Prolog  traditions  of  computations  described  by  symbolic  expressions 
together  with  an  environment.  The  goal  of  this  work  is  to  synthesize  the  best 
features  of  both  worlds.  Objects  in  the  computation  domain  of  Qute  are  called 
patterns.  Patterns  are  constructed  from  variables  and  atomic  constants  by  two 
different  pairing  operations  and  an  abstraction  operation.  This  is  in  contrast  to 
Rum  where  free  variables  do  not  appear  in  values.  Computations  are  described  by 
expression  environment  pairs.  The  environment  contains  constraints  on  the  free 
variables  which  must  be  satisfied. 

With  unification  as  the  basic  binding  mechanism,  Qute  provides  an  alternative 
view  of  conditional,  application,  and  abstraction  as  computation  primitives.  There 
are  notions  of  success  and  failure  (to  unify)  and  conditional  branches  on  success  vs. 
failure.  Abstraction  is  based  on  patterns  rather  than  simple  variables.  Application 
causes  the  parameter  pattern  to  be  unified  with  the  argument  pattern.  Thus 
equality  a  =  b  can  be  defined  by  {A(x,  x)x}(a,6). 

Qute,  like  Rum,  has  the  capability  of  expressing  a  rich  variety  of  computations. 
There  will  be  many  points  of  interest  to  compare  and  contrast  as  the  mathematical 
properties  of  this  model  of  computation  are  developed. 


VIII.4.  Future  directions 

Rum  is  just  the  beginning,  not  the  end  of  the  approach  presented  in  this 
thesis.  It  is  to  be  extended  and  applied  in  a  number  of  ways.  Two  extensions  to 
the  model  of  computation  are:  computations  over  memory  structures  (structures 
which  have  updating  operations  such  as  rplaea  and  rplacd  of  Lisp);  and  description 
of  asynchronous  computation  a  la  Actors  (Hewitt  [1977]).  Applications  (putting 
theory  into  practice)  include  building  computation  systems  and  reasoning  systems 
based  on  extensions  of  the  Rum  model  of  computation  and  the  formalization  of  its 
metatheory.  There  are  several  directions  for  further  research  which  are  outlined 
below. 

Formalization.  There  are  two  sorts  of  formalization  to  be  carried  out.  One 
is  formalization  of  Rum  in  existing  formal  theories  (for  example  Feferman  [1979], 
[1982])  whose  logical  complexity  is  well  understood,  in  order  to  obtain  information 
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about  the  logical  complexity  of  the  maximum  comparisons.  The  other  is  formal¬ 
ization  of  Zum  and  of  the  S-expression  data  structure  in  existing  mechanical  proof 
systems  such  as  the  Boyer-Moore  theorem  prover  (Boyer  and  Moore  [1979]),  FOL 
(Weyhrauch  [1980])  or  EKL  (Ketonen  [1984]),  to  provide  a  basis  for  mechanical 
checking  of  proofs  of  properties  of  programs  and  of  operations  on  programs.  Such 
work  can  also  serve  as  a  basis  for  developing  a  program  transformation  checker  - 
an  interactive  system  for  defining  and  carrying  out  program  transformations. 

Reflection  -  or  -  having  your  cake  and  eating  it  too.  Excluding  the 
comparisons,  the  operations  and  computation  relations  we  have  defined  are  kum 
computable  over  any  data  structure  that  includes  the  underlying  algebraic  struc¬ 
ture  of  JSum.  Working  over  such  a  data  structure  we  can  extend  the  computation 
primitives  to  provide  reflection  principles  which  convert  computation  state  to  data 
and  convert  data  to  computation  state.  This  allows  programs  and  other  objects  to 
be  treated  as  data  within  an  ordinary  computation.  Reflection  provides  a  mecha¬ 
nism  for  switching  views  within  a  computation  -  viewing  an  argument  as  data  at 
one  point  zmd  as  a  component  of  the  computation  state  at  another  point.  Between 
switches,  an  extensional  view  amenable  to  transformations  and  interpretation  in¬ 
dependent  of  representation  is  maintained,  thus  combining  the  best  of  both  worlds. 
The  are  two  ways  for  providing  reflection.  One  corresponds  to  an  isomorphic  em¬ 
bedding  of  the  computation  theory  and  is  the  form  of  reflection  implemented  by 
Smith  [1982].  The  other  corresponds  to  a  self-reflexive  embedding  which  is  the 
form  of  reflection  implicit  in  traditional  Lisp  systems.  Proposals  for  implemen¬ 
tation  of  the  latter  form  of  reflection  have  been  given  by  Talcott  [1983]  and  by 
Friedman  and  Wand  [1984].  We  plan  to  use  Rum  as  a  foundation  for  studying 
properties  of  reflection  principles  used  as  programming  tools. 

Directions  for  further  development  of  Rum.  The  following  questions  indi¬ 
cate  directions  for  further  work  in  Rum. 

■  Can  the  notion  of  comparison  relation  be  extended  to  sequential  computation? 
If  so,  are  there  analogs  to  the  extensionality  and  improved  recursion  theorems? 

•  What  rules  should  be  added  to  the  rules  for  call-by-value  lambda  calculus  to 
obtain  a  Rum  calculus  with  reasonable  properties?  Such  a  calculus  should 
have  the  Church-Rosser  property  and  the  usual  equations  for  conditional  and 
sequences  should  be  derivable.  What  happens  to  such  a  calculus  when  exten¬ 
sionality  or  fixed  point  induction  is  added? 

.  Can  the  notion  of  computational  progress  (Scherlis  [1980],  see  §1.3)  be  ex¬ 
tended  to  Rum  to  provide  a  basis  for  a  formal  system  of  program  transforma¬ 
tions?  What  are  additional  interesting  examples  of  transformations  involving 
the  use  of  pfns  and  continuations?  For  example,  are  there  systematic  methods 
for  deriving  co-routines  using  program  transformations  in  Ruml 
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This  appendix  contains  a  description  of  the  underlying  algebraic  structure  of  Rum. 
Equations  are  given  specifying  the  domains  of  t-^um  eind  of  s-Rum,  and  the  basic  opera¬ 
tions  and  computation  relations  are  defined  on  these  domains.  Some  theorems  are  stated 
to  indicate  key  properties  of  operations  not  previously  defined  precisely  and  to  provide 
precise  formulations  of  some  remarks  made  in  the  main  text.  It  is  assumed  that  the 
reader  is  familiar  with  the  mathematical  structures  and  notation  given  in  Chapter  HI. 


A.l.  The  domains  of  Rum 

The  following  table  lists  the  domains  of  Rum.  The  name,  domain  symbol  and  a  brief 
description  of  each  domain  are  given.  K  there  is  a  set  of  variables  designated  to  range 
over  a  domain  this  is  indicated  in  the  table  by  <  varsym  >€<  domsym  >.  The  set  of 
variables  consists  of  subscripted  forms  of  <  varsym  >.  Thus  f,  fo,  farg,  •  ..range  over  F. 


Name 

Notation 

Description 

Data 

D 

domain  of  the  given  data  structure 

sequences  of  data 

Operations 

0  e  o 

operations  of  the  given  data  structure 

Symbols 

«  6  Sv 

for  naming  values 

Forms 

f€F 

symbolic  descriptions  of  computation 

Environments 

CeE 

finite  maps  binding  values  to  symbols 

Dtrees 

7>eBt 

description  trees 

U  G  Dt" 

n-ary  dtree  contexts 

Binding  Indices 

X€  1. 

finite  maps  associating  numbers  to  symbols 

Pfns 

(pep 

descriptions  of  partial  functions 

Computation 

Domain 

o  €  V 

data,  data  operations,  pfns,  continuations 

Values 

u,  V  G  V* 

sequences  from  the  computation  domain 

Stages 

r  eCt 

partial  computation  trees 

Nodes 

uEN* 

paths  or  nodes  in  a  tree  domain 

Continuations 

7G  Co 

descriptions  of  computation  contexts 

Co' 

continuation  segments 

States 

?€& 

stages  of  sequential  computation 
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The  domains  of  Rum  are  specified  by  the  domain  equations  given  below.  The  do¬ 
mains  are  generated  freely  from  N  and  S|/  by  constructions  appearing  in  summands  of  the 
corresponding  equations.  The  summands  indicate  the  name  and  arity  of  the  constructors. 
Infix  notation  is  used  for  the  summands  if  infix  notation  is  used  for  corresponding  terms. 
Objects  of  s-Rum  are  generated  by  including  summands  enclosed  in  brackets  [e  . . .]  and 
objects  of  t-Rum  are  generated  by  omitting  these  summands. 

F  ~  S»  e  A(Sv,  F)  ©  app(F,  F)  ©  if  (F,  F,  F)  ©  mt  ©  cart(F,  F)  ©  fst(F)  ©  rst(F) 

[©  note(Sv,F)] 

Dt"  ~  <(V*)  ©  #({i  €  N  I  j  <  n})  ©  A(Ot”+^)  ©  app(Dt",  Dt") 

©  ©  mt  ©  cart(II5t”,  Dt")  ©  fst(Dt")  ©  rst(Dt") 

[©  note(Dt"'*’^)] 

Co*  ~  lfi(Dt°,  Dt°)  ©  Appi(Dt°)  ©  Appc(V*) 

©  Carti(Dt°)  ©  Cartc(V*)  ©  Fstc  ©  Rstc 

Co  '■-'Id  ©  (Co  o  Co*) 

St  ~  (Co  V  Dt)  ©  (Co  ■a  V*) 

Dt~Dt°©0'D*  [©Co*V*] 

P  ~  A(Dt^) 

V~©©0©P  [©Co] 

C.  ~  T  :  <Dt,  V*> 

E  ~  [Sy  *>►  V*]o 

tx  [S|/  *>-  n] 

Dt“  ~  U{Dt"  I  n  G  N} 

Remarks. 

•  The  same  names  have  been  used  for  form  and  dtree  constructors.  Context  will 
always  make  it  clear  which  construction  is  meant  when  it  matters. 

•  Dtree  contexts  Dt“  are  based  on  the  lambda  calculus  notation  of  deBruijn  [1972]. 

•  The  Rum  domains  constitute  a  many  sorted  intial  algebra  (Goguen  and  Meseguer 
[1983]).  The  only  objects  are  those  generated  by  a  finite  sequence  of  constructions  - 
no  junk,  and  two  objects  are  equal  iff  they  are  in  the  same  domain  and  have  the  same 
construction  (modulo  rules  for  equality  in  the  case  of  finite  sequences  and  finite  maps)  - 
no  confusion. 

•  For  a  complete  data  structure  we  would  add  operations  to  serve  as  recognizers 
(characteristic  functions)  for  each  construction  and  operations  for  selecting  components. 
These  are  left  implicit  in  the  presentation  of  Rum. 
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A. 2.  Summary  of  operations  and  relations 

The  following  table  lists  the  operations  and  relations  (other  than  domain  construc¬ 
tion  operations)  defined  in  this  appendix  together  with  their  types. 


Notation  and  arity 


Name _ 

Index  extension 

Indexed  Closure 

Alpha  EJquivalence 

Substitution 

Initial  Stage 

Begin 

Return 

Single  Step  on  stages 

Steps  on  stages 
Evaluation 

Lnmediate  Subcomputation 

Immediately  Reduces-to 

Subcomputation 

Reduces-to 

Definedness 

Ctree  equivalence 

Single  Step  on  states 

Steps  on  states 
Cseq  equivalence 
Returns  to  caller 
Escapes  to  top 
Diverges 
Locality 


1  £  [iz  X  Sy  Is] 

<...  I  e  [F  X  E  X  b  Dt“] 

=  e[(F,E,b)x(F,E,b)] 
daub  6  IIDt“  X  Dt°  X  N  Eh“] 

•  G  [Dt  — ^  C»] 

V  e  (C«  X  N*  X  N  X  Dt  C«] 

A  €  (C.  X  ISI*  X  V*  C«] 

>-+*  C  {C#  X  C.] 

^ C  [C«  X  C.] 

«-+  G  [Dt  V*] 

-<4  C  [lUt  X  Dt] 

XXt  G  [Ittt  Dt] 

-<  C  (Dt  X  Dt] 

C  [Dt  X  Dt] 

■U-  C  Dt 

^  C  [Dt  X  Dt] 

G  [&  '-X-  &] 

X-+ ,  c  [&  X  &] 

«  C  [St  X  St] 
i  C  Dt 
C  Dt 
t  C  Dt 
Ti  CDt 


A.3.  Closure  and  substitution  operations 

>  Extending  index  maps,  x  ^  *  =  {« -<-  0}  U  {«o  x(*o)  +  1  |  so  €  dom(x)} 
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>  Indexed  closure  operation,  (f  I  C;x)  is  defined  by  induction  on  forms. 

if  s  G  dom{x) 
otherwise 


<» 


<A(«)fU;x>  =  A«fie;x?s)) 

(app(fo,fi)  I  f;x>  =  app({fo  I  {;x),<fi  I  C;x» 

I  e;x>  =  in(fo  I  f;x>,<fi  I  ^;x>,(f2 1  e;x» 


(mt  U;x>  =  mt 

<cart(fo,fi)  I  ^;x>  =cart((fo  I  ^;x>,<fi  I  ^;x» 
<fst(f)U;x>=fst«fie;x» 

<rst(f)U;x>  =  rst«f  ie;x» 

<note(«)f  I  f ;  x>  =  note((f  U;  x  1 «» 


>  Clostire.  (f  I  =  (f  I  {}> 

df 

•  Example* 

<A(y)lf(y,X(x)x(y),2)  1  z-t- »)  =  A({lf(y,A(x)x(y),z)  I  z-<- t>;y -^0» 

=  A(lf({y  I  z-(-t;;y-(-0>,<A(x)x(y)  I  z-(- v;y-(-0>,(z  I  z-f- t;;y-«-0») 
=  A(lf(#0,A(#0(#l)),<t;)) 


>  Alpha  equivalence.  Alpha  equivalence  is  the  Rum  analog  to  the  equivalence  re¬ 
lation  generated  by  o-conversion  in  the  lambda  calculus.  Alpha  equivalence  on  form  - 
environment  -  index  triples  is  the  leMt  relation  =  such  that 

so€dom(xo)  A  «i  €  dom(xi)  A  Xo(«o)  =  Xi(«i)  “♦  (*o,  ^o,Xo)  =  (*i,  ^x,Xi) 

«o  ^  dom(xo)  A  «i  dom(xi)  A  Co(«o)  =  ►  (»o,fo,Xo)  =  («i,^i,Xi) 

(mt,fo,Xo)  =  (mt,ei,xi) 

(fo,i,^o,Xo)  =  (fl,i.Cl.Xl)»0  <  *  <  2  — » 

(if(fo,o,fo,iifo,2),^o,Xo)  =  (if(fl,0,fo.l,fl,2),fl,Xl)  A 

(app(fo.o,fo,i),^o,xo)  =  (app(fi.o,fo.i),Ci,Xi)  A 

(cart(fo,o,fo,i),^o,Xo)  =  (cart(fi.o,fo,i).^i.Xi)  A 

(fst{fo,o),^o,Xo)  =  (^^St(fi,o),fi,Xi)  A 

(rst(fo,o),Co,xo)  =  (•'st{fi,o),^i,Xi) 

(fo,^o,Xol«o)  =  (fi,^i,Xil«i) 

(A(«o)fo),^o,Xo)  =  (A(»i)fi),fi,Xi)  A 

(note(fio)fo),fo,xo)  =  (note(fli)fi),  ^i,Xi) 
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*  Alpha  equivalence  is  dtree  equality. 

(fo,^o,xo)  =  ^  (fo  I  fo;xo>  =  {fi  I  Ci;xi) 

>  Substitution  of  dtrees  into  dtree  contexts,  daub  is  defined  by  induction  on  dtree 
contexts. 

dsu6(<u,ll,  n)  =  <u 

dsub{X(Po),^,n)  =  A(dsui»(Do,  t>,n  +  1)) 
dsu6(app(t(o,5i),^,«)  =  app(dsu6(l>0)^>)n),dsu6(di,l>,  n)) 
dsu&(lf(do,l>i,  d2),D,n)  =  lf(dsu6(Do,^,n),dsul»(Di,tl,n),dsu6(D2,l>,n)) 
deuii(mt,5,n)  =  mt 

dsu6(cart(5o,5i),5,n)  =  cart(dsu6(5o,^,n))  d»ui>(l>i,l>,n)) 
dsti6(fst(lio),l>,n)  =  fst(dsu6(do>^,n)) 
d8ti6(rst(lio),5,n)  =  rst(d8u6(t>o,l>,n)) 
dsu6(note(Do),5,n)  =  note(deui(do,ll,n  +  1)) 

Remark.  A  more  complicated  definition  is  required  for  substitution  of  dtree  contexts 
into  dtree  contexts. 

>  Extending  application  and  substitution  notation. 

A(Z>o)*v  =  dsu6(Ilo,<v,0) 
df 

A(t>o)'D  =  dsu6((»o,?>,0) 

=  d8ub{ . dsufc(l»,Iln,,»n)...,llo,0) 

df 

>  Well-formed  application  expression.  It  is  now  convenient  to  think  of  application 
as  a  binary  operation  on  values.  We  say  that  vo^  vi  is  well-formed  iff  vo  G  O  A  vi  €  S* 
or  Vo  €  P  or  vo  G  Co. 

■  About  substitution  and  application. 

(A(I)){5o  . .  .Dm}) '  t;  =  D{<v,Do  ...  Dm) 

(flfo  I  O  =  U;  ^  0}),  <fo  I  0,0) 

dsu6«f  I  ^;x>,<«,")  =  <f  I  6;Xo) 

where  =  ^{«  -f-  w  |  x(«)  =  n}  and  yo  =  {«  -(-  x(«)  I  «  e  dom(x)  A  x(«)  7^  n} 
(Vs  G  dom(x))x(«)  ^  n  dsu6({f  |  0x>.^>,«)  =  (f  I  C.x) 

(A(s)f)  IO't'  =  <fU{«^t;}> 
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A.4.  Generating  computation  trees 

▻  Initial  stage.  *5  =  5},  {}> 

df 

>  Extending  stages.  For  a  stage  r  =  <A,  A‘^,A">  and  u  E  A  define 

(begin)  r  v  (*/,;, U)  =  <A  U  (Kj]},  A''{[t/,y]  A'’> 

df 

(return)  r^(i/,v)  =  <A,  A**,  A’’{i/-<- v}> 


>  Step  rules.  Step.rules  =  {(^'jjj®)  €  [N*  x  N  x  Dt]}  U  {(i/,  v)  G  [N*  x  V*]} 


df 


>  When  a  step  rule  applies.^  The  conditions  under  which  a  step  rule  applies  to  a 
stage  <A,A‘*,  A">  are  defined  by 

app/tes((i/,y,5),<A,  A‘*,A''>)  i/  G  A  A  [v,j\  ^  A  A 
(3Do,l>i)(A‘‘(*/)  =  app(Do,Di)  A 

((y  =  o  Ai>  =  5o)  V  (y=  1  A  5  =  jii)  V  (y  =  2  a5  =  a’'([i/,o])'a‘'([i/,i]))))  v 

(3Do,Di)(AV)  =  i^(^>o,l>i,l>2)  A 

(w=oa.=..)v(,=,a,={j;  i{A:(M{) #□,)), 

(3Do,l»i)(A‘'(*/)  =  cart(5o,l>i)  A  ((y  =  0  A  5  =  l»o)  V  (j  =  1  A  5  =  tii)))  v 
(3Do)(A‘'(i/)  =  fst(Ko)  A  y  =  0  A  U  =  5o)  V 
(3Do)(A''(*/)  =  rst(Do)  A  y  =  0  A  D  =  5o) 
and 

applies((i/,v),<A,A‘*,A''>)  i/  G  Ao  A  i/  ^  dom(Ao)  A 

(3o, d)(A''(i/)  =  o‘d  A  v  =  o{d))  V  A''(i/)  =  <«  V  A''(i/)  =  mt  A  v  =  □  V 

(3Z>o)(A‘'(i/)  =  A(5o)  A  t;  =  A(5o))  V 

(3(>o,5i)(A'*(»/)  =  app(Do,l»i)  A  v  =  A’'([z/,2]))  V 

(3t>o,I>i,52)(AV)  =  'n^>o,l»i,52)  A  t;  =  A"([i/,l]))  V 

(3t>o,5i)(A‘‘(»/)  =  cart(Zio,l»i)  A  t;  =  [A’'(K0]), 1])])  V 

(3Z)o)(A''(t/)  =fst(5o)  A  t  =  l“  (A^di/.O])))  V 

(3Do)(A‘'(i/)  =  rst(Do)  A  t;  =  r“  (A’’([t/,0]))) 


^  Implicit  in  the  definitions  are  hypotheses  that  arguments  are  in  the  domain  of  partial 
operations.  For  example,  implicit  in  v  =  A*^([i/,  1]))  is  the  assertion  that  [i/,  1]  €  dom(A^). 
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>  The  computation  tree  for  Ct(I>)  =  <Ai,,A5,  A5>  =  U{r  |  •b  >— »  r} 

df 

■  Small  diamond  property. 

r  ^  rl  r2  \f  \ 

{rl,  r2}  C  Step.rule  A  ro  > — ►  ti  A  ro  > — ►  T2  (3rs)(ri  > — ►  rs  A  rj  > — ►  rs) 


■  Steps  increase  stages,  ro  ri  ro  C  ri 

■  Steps  in  substages  lift,  rii,  =  ro  A  ro  n  — ♦  r  t{i/^  ti} 

■  Subtrees,  u  G  A  A^(i^)  =  5o  =  Ct(^o) 

■  A  computation  that  returns  a  value  is  finite,  o  G  dom(AJ)  — ►  •!)  Ct(Z)) 
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A. 5.  Computation  relations  for  tree-structured  computation 

>  Evaluation,  reduces-to,  subcomputation.  Evaluation  (‘-♦),  immediately  reduces- 
to  (»-»),  and  immediate  subcomputation  (*<4)  are  the  lezist  relations  such  that 

(val)  <v  t; 

(lam)  A(I>)  ►  A(t)) 

(dapp)  o*  d  o(d) 

(mt)  mt  D 

(cart)  Do  Vo  A  l»i  «-+  ei  cart(Do,5)  [vo.vi] 

(fst)  Do  Vo  — ^  fst(Do)  1**  (vo) 

(rst)  Do  ►  Vo  — ►  rst(Do)  r**  (vo) 

(redt.ret)  D  DoADo'^v— ►D*-*!; 

(app)  Do  Vo  A  Di  *->  vi  -+  app(Do,Di)  »-4  «o*vi  %  vo' vi  well-formed 

(if) 

(if.test)  Do  -<4  if(Do,Di,D2) 

(app.fun)  Do  -<»  app(Do,Di) 

(app.arg)  Di  -<4  app(Do,Di) 

(cart.lhs)  Do  -<4  cart(Do,Di) 

(cart.rhs)  Di  -<4  cart(Do,Di) 

(fst.seq)  Do  -<4  fst(Do) 

(rst.seq)  Do  -<4  rst(Do) 

(redt.beg)  D  >>-4  Do  — ♦  Do  -<4  ® 

l^nd  definition  of  >^4,  “<4 

>  Additional  t-j^um  relations 

-<  =  -<4''’ 

df  df 

(ID  =  (3v)D  V  Do  ^  Di  =  (Vu)(Do  v  •<-+  Di  v) 

df  df 

■  Equivalence  of  computation  trees  and  computation  relations. 

(eval)  d  ^  V  ^  AJ(d)  ==  v 

(subc)  J)o  ^  {3<A,  A^,  y)(#Z)  > — ►  <A,A^,A''>  A  A**([i/,  j])  =  Do) 
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A.6.  Sequential  computation 

t>  Single  step  for  computation  states.  The  single  step  relation  (  >— )  is  the  least 
relation  on  [St  x  St]  satisfying 

(val)  7  V  <t;  7  A  v 

(lam)  7  V  A(D)  7  a  A(D) 

(dapp)  '^'7  o'  d  >— 7  A  o{d) 

(capp)  7  V  70  ^ »  >—*i  70  ^  v 
(mt)  7  V  mt  > — 7  A  □ 

(cart.ret)  7oCartc{vo)  ^  vi  >— ►*  7  a  [vqjVo] 

(fst.ret)  7  o  Fstc  a  t>  > — 7  a  1**  (v) 

(rst.ret)  7  o  Rstc  a  i>  >— 7  r**  (v) 

(app.fun)  7  V  app(Zlo,5i)  >^t  7©  Appi(l>i)  v  5o 
(app.arg)  70  Appl(Di)  a  ©o  70  Appc(»o)  ^ 

(app.app)  70  Appc(t;o)  ^  vi  >-+»  7  v  vo'vi  %  if  vo'ti  is  well-formed 
(if.test)  7  V  if(l>o,5i,52)  >— 7  o  lfi(5i,I»2)  ^  Ho 

(if.br)  7  o  lfi(l>i,52)  A  t;o  >— ►»  7  ^  if  t?o  7^  o 

P2  if  Vo  =  CD 

(cart.lhs)  7  v  cart(Do,l>i)  7©  Carti(di)  v  Do 
(cart.rhs)  7  o  Carti(Di)  a  vq  >— ►»  7  o  Cartc(t;o)  v  Di 
(fet.beg)  7  V  fst(D)  >— ►*  7  o  Fstc  V  D 

(rst.beg)  7  V  rst(D)  >— 70  Rstc  v  D 

(note)  7  V  note(D)  >— +*  7  v  D{<7} 

^end  definition  of 

>  Step  relation  for  states.  >— ►  =  (  >— )*  and  )■•■ 

>  Sequential  equivalence.  Do  «  =  (V7,  t;)(7  v  Do  >— ►  Id  a  v  ♦-».  7  v  Di  >— >  Id  a  v) 

df 

>  Returns  to  caller,  =  (^7)(3v)7  v  Z>  >— ►  'y  ^  v 

df 

>  Escapes  to  top.  =  (V7)(3t;)7  vD  >— ••  Id  a  v 

df 

>  Diverges,  =  -i(3t;)(ld  vD  >— ►  Id  a  v) 
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>  Evaluation  in  s-^«m.  U  ►  v  =  ('^'7)  (7  ^  ®  7  ^ 

df 

>  Reduces-to  in  a- Rum.  Oo  ^*1  =  (V7)(7  ^  ^0  >—*■  7  ^1) 

df 

>  Definedness  in  a-Rum.  -(^5  =  (3t;)5  <— ►  v 

df 

>  Locality*  V 

df 

>  Ctree  equivalence  in  a-Rum.  do  =  Ti^o  A  ti^*i  A  (Vv)(Do  v  5i  ►  v) 
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Appendix  B.  More  examples 


In  this  appendix  we  present  two  examples  to  illustrate  further  what  can  be 
expressed  in  Zum  and  to  provide  applications  of  the  tools  developed  so  far.  The 
first  example  gives  a  more  precise  formulation  of  intensional  properties  of  programs 
than  we  have  previously  given.  The  second  example  illustrates  a  new  use  of  pfnls 
and  their  properties  as  schemes  for  defining  and  proving  properties  of  search  pfns. 


B.l.  Derived  computations 

In  this  example  a  class  of  properties  of  computation  trees  called  derived  prop¬ 
erties  and  a  derivation  map  on  descriptions  are  defined.  Derived  properties  are 
given  by  a  scheme  for  recursion  on  computation  trees  parameterized  by  a  sequence 
of  primitive  derivations  -  one  for  each  computation  primitive.  The  derivation  map 
is  parameterized  by  a  sequence  of  derivation  symbols  naming  the  primitive  deriva¬ 
tions.  Derived  descriptions  compute  the  derived  properties  of  the  original  com¬ 
putation  together  with  (a  derivation  of)  the  original  value.  Examples  of  specific 
derived  properties  are  given,  including  many  of  the  properties  previously  discussed 
informally.  As  an  application,  we  show  that  the  derived  pfn  Mtprod  of  §11.1  can 
be  obtained  by  specializing  the  derivation  of  T prod  to  the  primitive  derivations  for 
counting  multiplications. 

Derived  properties  of  computation  trees 
Let  Do  C  D  and  let  V  be  a  sequence  from  V 

^  tymi^  mt  lamt^  if  appi^  earti^  o  |  ®  ^ 

We  say  that  V  is  a  sequence  of  primitive  derivations  if 

Vo  G  Do  for  o  G  O,  V,y,„  G  Do,  V/am  €  Do,  VmtCDo 
Vj/  G  [Do  Do  “V  Do],  ^ app  ^  1^0  11^0  Do  Do] 

Vcort  €  [Do  Do  -V  Do],  Vftt  G  [Do  Do],  €  [Do  Do] 

where  for  pfns  and  data  operations,  t?  G  [Do  Do  — >-  Do]  means  (Vdo,  ^ 
Do)(3d  G  Do)v^*(?*o,  ^i) 
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>  The  computation  tree  derivation.  For  computation  trees  Ct(5)  such  that 
the  derivation  C't(D)^  is  defined  by  induction  on  the  tree  structure 


(C7t(<u))^  —  ^  0ym 
(Ct(mt))^  = 

(Ct(A(t>o)))^  =  ^lam 

(Ct(o'd))^  =  Vo 

(Ct(if{Do,5i,^2)))"'  =  Vi/((C7t(i)o))^,di) 


where  di  = 
(Ct(app(5o,^>i)))^ 


=  Vapp((Ct(Do))'",(Ct(5x))^,(Ct(i)2))"') 


where  uo  A  ui  A  D2  = 


(Ct(cart(l>o,5i)))^  =  Voort((Ct(^o))^,(C't(I>i))'^) 
((7t(fst(5o)))^  =  V/,,((C<(i>o))^) 
(C't(rst(5o)))^=V„t((Ct(I>o))"') 


B.1.2.  Example  derivations 

Working  over  ^sexp  we  give  four  examples  to  indicate  a  few  of  the  properties 
of  computation  trees  that  can  be  expressed  by  the  derivation  just  defined. 

Example  1:  Counting  data  operations.  Let  O  be  a  set  of  data  operations. 
In  §11.1  we  introduced  count(p,  O),  the  number  of  data  operation  application  nodes 
in  Ct{5)  with  dtree  label  o' d  for  some  o  G  O  and  some  d  €  D*.  We  can  define 
count  as  a  derived  property  as  follows.  Let  V  be  the  sequence  defined  by 


V  aym  —  V  fftt  —  V  iom  —  ® 

Vapp  =  A(x,y,z)(x  +  y +  z) 

Vi/  =  Vcart  =  A(x,y)(x  +y) 

Vf»t  =  V  rat  =  A(x)x 

y  _ri  ifo€0 
°  1 0  otherwise 


Then  count(d,0)  =  (Ct(D))^  for  defined  dtrees  U. 
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Example  2:  Counting  symbol  references.  Let  V  be  the  sequence  defined 

^  tym  —  1 
^  mt  ~  lam  ~  0 

Vapp  =  A(x,y,2)(x  +  y  +  2) 

Vi/  =  Vcart  =  A(x,y)(x  +  y) 

V/4t  =  V„t  =  A(x)x 
V,  =  0 

If  ^0  then  (Cf  (5))^  is  the  number  of  symbol  (value)  nodes  in  C7<(D).  For  example, 
for  the  computation  tree  (74(9^)  shown  in  §IV.2  (Figure  13)  we  can  easily  compute 
Ct(l>if)^  =  3. 

Example  3:  computation  tree  depth.  Let  V  be  the  sequence  defined  by 


V  sym  —  V  fnt  —  V /am  —  I 

Vapp  =  A(x,y,2)(l  +  Max[x,y,2]) 
Vi/  =  Vcart  =  A(x,y)(l  +  Max[x,y]) 
V/,t  =  Vrrt  =  A(x)(l  +  x) 

Va  =  l 


K  then  (Ct(d))^  is  the  depth  (maximal  path  length)  of  C't(D).  In  particular, 
we  have  C7t(?>if)^  =  5. 

Example  4:  skeleton  trace.  Let  V  be  the  sequence  defined  by 


V,ym  =  <"sym"> 

Vmt  =  <"mt"> 

V/am  =  <"lam''> 

Vapp  =  A(x,y,2)ListMk["app'’,x,y,2] 

Vi/  =  A(x,y)LlstMk["lf",x,y] 

Vcart  =  A(x,y)ListMk["cart'',x,y] 

V/c/  =  A(x)ListMk["fst",x] 

V/ai  =  A(x)ListMk["rst'*,x] 

Vj,  =  <pname(o)>  X  pname(o)  is  a  string  —  the  “print  name”  of  the  operation  o 


§B.l 


Derived  computations 


213 


If  then  (Ct(?>))^  is  a  skeleton  trace  of  Ct{Xt)  -  a  representation  of  the  tree 
domain  as  a  list  structure  with  nodes  labeled  by  strings  indicating  the  type  of  the 
dtree  labeling  that  node.  For  example 

=  <"11"  <"sym''> 

<''cart"<"fst"  <"sym"» 

<"app''  <”lam"> 

<"rst"  <"sym"» 

<”lam''>>» 

Note  the  correspondence  between  the  tree  structure  of  (Figure  13  in  §IV.2) 

and  the  list  structure  of 

B.1.3.  Derivation  map  for  descriptions 

We  now  define  a  derivation  map  f  on  descriptions  corresponding  to  the  com¬ 
putation  tree  derivation  defined  above.  Derived  descriptions  compute  the  derived 
property  and  carry  out  the  original  computation  as  well  (returning  a  derived  value). 
The  main  work  is  defining  the  derivation  on  forms.  The  rest  follows  naturally.  The 
derivation  map  is  parameterized  by  a  sequence  of  derivation  symbols  corresponding 
to  the  sequence  of  primitive  derivations. 

[D.sym,  D.mt,  D.lam,  D.if,  D.app,  D.cart,  O.fst,  D.rst,  D.o  |  o  £  O] 

We  assume  these  symbols  are  new.  Derived  environments  will  map  each  derivation 
symbol  to  to  the  corresponding  element  of  V. 

t>  Derivation  for  forms.  The  derivation  of  a  form  f  (written  f^)  is  defined  by 
induction  on  the  structure  of  forms. 

=  [D.sym, «] 
mt^  =  [D.mt,mt] 

(A(s)f)^  =  [D.lam,  A(s)ft] 

if(fo,fi,f2)^  =  Iet{[d0,x0]  ^fo^} 

let{[dl,xl]  ^  if(x0,fit,f2t)} 

[D.if(dO,dl),xl] 

app(fo,fi)^  =  Iet{[d0,x0] 

let{[dl,xl]^fit} 

Iet{[d2,x2]  -<-app(xO,xl)} 

[D.app(d0,dl,d2),x2] 
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cart(fo,fi)^  =  Iet{[d0,x0] 

(Dxart(dO,  dl) ,  xO,  xl] 

fst(fo)t  =  Iet{[d0,x0]  ^fo^}[D.fst(dO),fst(xO)] 
rst{fo)^  =  Iet{{d0,x0]  -<-fo^}[D.rst(dO),rst(xO)] 
where  dO,  dl,  d2,  xO,  xl,  x2  are  new  symbols  where  they  occur  in  the  derived  forms 
>  Derivation  for  dtrees  and  other  objects  of  t-^um. 

(f  1 0^  =  I  en 

(o'd)t  =  ot'dt 

=  d 

=  (A(x)[D.o,o(x)]  I  o-<-o) 

«M»)f  I  £>  e  v)t  =  (A(.)ft  I  ft) 

[ai  ...On]*  =  [ait...antl 

=  (^(5))^  %  »  not  a  deriving  symbol 

^^(D.sym)  =  V,y„,  ...  ^^(D.o)  =  Vo  ... 

■  Derivation  commutes  with  pfn  application,  {(p'  vY  = 

■  Derivation  theorem. 

t; 

This  is  easily  proved  by  computation  induction.  A  stronger  version  of  this  theorem 
could  be  formulated  expressing  the  sense  in  which  the  structure  of  the  original 
computation  is  preserved. 

■  Derived  recursion  lemma.  The  following  fact  about  derivations  of  recur¬ 
sively  defined  pfns  is  useful  in  proving  properties  of  such  pfns.  It  follow  directly 
(though  somewhat  tediously)  from  the  definitions  using  simple  let  conversions  and 
permutations. 

r  =  (Rec((A(f)A(x)f  I  f)))t  ^  “  {A(x)lel{|d,y]  .i-  ft}|D.rec(d),y]  I  ft{f  ^  ,j}> 

where 

D.rec  =  A(d)D.app(D.app(D.sym,  D.app(D.sym,  D.sym,  D.Iam),  D.Iam), 
df 

D.sym, 
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B.1.4.  Applying  the  universal  derivation  to  Tprod 

We  now  show  how  to  derive  the  definition  of  Mtprod  from  Tprod  using  the 
derivation  map  f  followed  by  program  transformations  to  simplify  the  derived 
pfn.  We  begin  with  a  general  derivation  for  Tprod  and  then  consider  the  special 
case  where  the  basic  derivation  operations  are  those  of  Example  1.  For  simplicity 
we  extend  the  S-expression  structure  to  include  Car,  Cdr,  Atom  and  *  as  data 
operations. 

Define  TprodD  to  be  the  derivation  of  Tprod  and  FstTprodD,  RstTprodD  to 
be  the  1®*  and  r®*  projections  of  the  derived  computations. 

>  TprodD  ^  (Rec(A(TprodD.A(x) 

if(Atom{x),x,  *[TprodD(Car(x)),TprodD(Cdr(x))]))))f 

>  FstTprodD  ^  A(x)fst(TprodD(x)) 

>  RstTprodD  A(x)rst(TprodD(x)) 

■  Derived  Tprod  lemma. 

Tprod  D(x)  =  if(Atom(x), 

[D.rec(D.tpat),x], 

let{[da,za]  -4-  TprodD(Car(x))}let{[dd,zd]  TprodD(Cdr(x))} 
[D.rec(D.tppr(da,dd)),*[za,zd]) 

FstTprodD  (x)  =  if(Atom(x), 

D.rec(D.tpat), 

D.rec(D.tppr(FstTprodD(Car(x)),FstTprodD(Cdr(x))))) 
RstTprodD(x)  =  lf(Atom(x), 

X, 

*{RstTprodD(Car(x)),  RstTprodD(Cdr(x))]) 

RstTprodD  (x)  =  Tprod  (x) 
where 

D.tpat  =  D.lf(D.app(D.sym,D.dsym,D.atom),D.sym) 

D.tppr  =  A(da,dd)D.if(D.app(D.sym,  D.dsym,  D.atom),  D.tpad{da,db)) 

D.tpad  =  A(da,dd)D.app(D.sym, 

D.cart(D.app(D,sym,D.car,da), 

D.app{D.sym,  Dxdr,dd)), 
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f  Derived  Tprod  corollary.  For  V  as  in  Example  1  with  O  =  {*}  and  x  ranging 
,  i. amber  trees  we  have 

TprodD(x)  =  if(Atom(x), 

I0,x], 

let{[da,za]  TprodD{Car(x))}let{[dd,zd]  TprodD{Cdr(x))} 
[dd  +  da  +  l,*[za,zd]]) 

FstTprodD{x)  =  Mtprod{x) 

Proof  of  derived  Tprod  lemma.  The  key  step  for  the  derivation  of  the  T prod  D 

equation  is  to  note  that  by  the  derived  recursion  lemma 

TprodD^  A(x)let{[d,y]^if(Atom(x),x,*[TprodD(Car(x)),TprodD(Cdr(x))])t} 
[D.rec(d),y] 

and  by  the  definition  of  the  derivation  map  and  laws  for  =  (especially  let-  conver¬ 
sions  and  permutations) 

if  (Atom  (x) ,  X,  *[T  prodD  (Car  (x)) ,  T  prod  D  (Cdr  (x) )])  ^ 

=  if(Atom(x), 

[D.tpat,x], 

let{[da,za]  TprodD(Car(x))}let{[dd,zd]  ^  TprodD(Cdr(x))} 
[D.tppr(da,  dd) ,  *  [za,  zd]]) 

A  useful  trick  when  working  in  a  fixed  global  environment  such  as  the  S-expression 
world  is  the  following  lemma. 

■  Global  symbol  lemma.  If  G.sym  is  a  global  symbol  such  that  Gsym^  = 
A(x)[D.Gsym(x),Gsym(x)]  for  some  deriving  operation  D.Gsym  then 

Gsym(y)^  =  [D.app(D.sym,D.sym,D.Gsym(y)),Gsym(y)]. 

This  and  similar  lemmas  make  the  derivation  of  the  equation  for  Tprod D  simpler. 

Proof  of  derived  Tprod  corollary.  To  obtain  the  corollary  we  compute,  using 
the  derivation  operations  of  Example  1,  that 


D.rec(d)  =  d  D.tpat  =  0  D.tppr(<ia>  da)  =  1  +  da  +  da 
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B.1.5.  Possible  elaborations 

The  computation  tree  derivation  defined  above  accounts  for  many  of  the  in- 
tensional  properties  of  computations  that  have  been  discussed.  There  are  several 
possible  elaborations  that  would  allow  even  more  to  be  expressed. 

One  possibility  is  for  primitive  derivations  to  take  the  value  of  each  subcom¬ 
putation  as  an  argument  in  addition  to  the  derived  property.  This  would  allow 
a  more  complete  trace  to  be  defined  which  includes  not  only  the  data  operation 
names  but  also  the  arguments.  The  derived  program  trace.rev  (§1.3)  is  an  exam¬ 
ple.  More  generally  deriving  functions  for  data  operations  could  make  the  cost  of 
the  operation  depend  on  the  argument. 

A  further  elaboration  is  to  modify  the  transformation  to  turn  each  value  into 
an  object  (pfn)  that  h2aidles  messages.  For  example  the  follow  message  response 
pairs  could  be  included. 

"val"  =►  the  transformed  object 

"type"  =>  "data",  "opc",  or  "pfn" 

"name"  =>•  an  identifying  pname 

Derivation  pfns  then  have  more  information  about  the  arguments  available.  For 
example  the  applications  of  a  pfn  with  a  given  name  could  be  counted. 


B.2.  Searching  tree  structures 

Tree  structures  are  important  in  practice  as  well  as  in  theory.  Tree-structured 
search  spaces  are  one  example  of  their  use  in  practice.  A  tree-structured  search 
space  is  a  set  P  together  with  a  function  t?  from  P  to  P*.  P  is  called  the  search 
space  and  elements  p  of  P  are  called  positions.  i?  is  called  the  successors  function, 
t?  determines  the  sequence  of  immediate  successors  of  any  position  in  the  space 
and  hence  the  tree  of  positions  below  any  given  position.  (Recall  that  we  grow  our 
trees  from  the  root  downward.)  The  reason  such  spaces  are  called  search  spaces 
is  that  they  are  used  to  organize  information  to  enable  a  program  to  search  for 
solutions  to  a  problem.  For  example  P  could  be  the  set  of  legal  board  positions 
in  a  game  such  as  chess  or  checkers.  The  successors  of  a  position  are  given  by  the 
legal  moves  from  that  position.  One  is  searching  for  sequences  of  moves  leading 
to  a  winning  position.  Another  example  is  pattern  matching.  Here  P  is  a  set  of 
triples  (tt, t,p)  where  tt  is  a  pattern  (containing  some  pattern  variables),  t  is  the 
object  to  be  matched  and  //  is  a  partial  match,  assigning  values  to  some  of  the 
pattern  variables.  The  successors  are  triples  (tt,  t,  fi')  where  p'  is  an  extension  of 

H. 
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In  the  following  we  assume  that  the  search  space  P  is  a  subset  of  the  com¬ 
putation  domain  and  that  the  successors  function  t?  is  a  pfn  or  data  operation. 
A  seajch  strategy  is  an  ordering  on  the  nodes  of  a  search  space  -  the  order  in 
which  nodes  are  to  be  visited  in  the  search  process.  A  search  pfrd  for  a  particular 
search  strategy  is  a  pfnl  that  maps  a  tree  (i.e.  a  successor  and  a  root  position)  to 
a  stream  of  positions  generated  in  the  order  prescribed  by  the  strategy.  Our  idea 
is  to  define  search  pfnls,  prove  general  properties  of  the  search  pfnls  and  use  this 
basis  to  define  paxticulax  search  pfns  and  prove  properties  of  these  pfns.  Here  we 
shall  consider  a  particularly  simple  strategy  called  depth-first  search.  The  ideas 
generalize  to  alternative  and  more  complex  strategies  such  as  those  described  in 
Burstall  [1968].  A  depth-first  search  of  a  tree  goes  down  the  left-most  branch, 
visiting  each  node  on  the  way  until  it  reaches  a  leaf.  Then  it  backtracks  to  the 
nearest  previous  node  having  an  unvisited  successor  and  does  a  depth-first  search 
from  the  leftmost  unvisited  successor. 

We  begin  by  developing  enough  of  the  mathematics  of  tree-structured  spaces 
and  depth-first  search  to  provide  a  semantic  basis  for  expressing  and  proving  prop¬ 
erties  of  search  pfnls.  The  tree  structure  given  by  a  successor  function  and  a 
position  and  additional  related  concepts  are  defined.  A  depth-first  enumeration 
function  is  defined,  to  make  precise  the  notion  of  depth-first  order,  and  key  prop¬ 
erties  of  this  function  are  given.  Finally  we  define  a  depth-first  search  pfnl  and 
prove  some  basic  properties.  Two  applications  are  given:  generating  the  fringe 
of  an  S-expression  and  a  simple  pattern  matcher.  Definitions  of  operations  on  S- 
expressions  can  be  found  in  §IV.5  and  definitions  and  properties  related  to  streams 
czm  be  found  in  §rV.6. 

B.2.1.  Position  trees 

Let  P  C  V  be  a  set  of  positions  and  fix  t?  :  [P  P*]  a  successors  operation 
for  P.  p,po,  •  •  •  will  range  over  P. 

>  The  tree  given  by  (t?,p).  rree(t?,p),  the  tree  given  by  (t?,p),  is  the  least  tree 
<A,  A>  €  T  :  <P>  such  that 

(A)  o  e  A  1/  G  A  A  A(i/)  =  po  A  y  <  |t?(po)|  e  a 

(A)  A(d)=p  A([i/,j])  =  i?(po)iy 

Note  that  \uj  -|-  1]  G  A  —*■  \uj\  G  A.  In  this  section  we  will  only  consider  tree 
domains  A  G  T  that  have  this  property.  (The  no-gaps  assumption.) 

>  Degree  of  a  node  in  a  tree  domain.  We  also  assume  that  each  node  u  of 
A  has  a  finite  number  of  immediate  successors.  This  number  is  called  the  degree 
of  1/  in  A  (written  deg  (A,!/)). 

deg{A,iy)  =  [{j  |  [u,j]  G  A}| 

Cll 
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Note  that  by  the  no-gaps  assumption  on  tree  domains, 

deg{A,u)  =  fi{n){[u,j]  ^  A)  and  u  €  A  A  j  <  dtg{A,u)  [u,j]  €  A. 
df 

The  sequence  of  immediate  successors  of  in  A  is  the  sequence  of  nodes  \u,j]  in 
A.  Since  nodes  themselves  are  sequences  of  numbers  it  is  necessary’’  to  package  the 
nodes  as  elements  in  order  to  form  the  successor  sequence.  The  simplest  form  of 
package  is  K(i/).  (Recall  K  =  A{x,y)x.)  For  readability  we  define  pfns  Close  and 
Open  which  package  and  unpackage  sequences. 

>  Close  K 

>  Open  A(s)s(mt) 

>  Immediate  successor  sequence.  The  immediate  successor  sequence  isue  (A,  v) 
for  1/  6  A  is  defined  by 

|»5uc(A,i/)|  =  dcj?(A,i/)  and  i<deg{A,u)  —>■  wuc  (A,  ,  =  Close([i/,»]) 

Note  that  for  Tree{^,p)  =  <A,  A>  and  u  €  A 

t>(A(t/))  =  Collect(A  o  Open,  i«uc(A,i/)) 


Two  additional  notions  that  are  useful  for  talking  about  enumeration  of  nodes 
in  a  tree  domain  are  the  above  and  left-of  relations  on  nodes. 

>  Above  relation.  A  node  i/q  is  above  another  node  i/i  (written  i/q  <above 
if  I/O  is  on  the  path  to  i/i. 


t'O  <above  t'l  =  (3l/2)(t'l  =  Wo,l'2]) 
df 

>  Left-of  relation.  The  node  i/o  is  to  the  left  of  the  node  Ui  (written  i/q  <ieft  *'i) 
is  defined  by 

l/Q  =  (3t  <  j)(3l/)([i/,  t]  ^above  ^0  A  ^above 

df 

■  Independence.  If  i/q  is  to  the  left  of  i/i  the  tree  below  i/q  is  disjoint  from  the 
tree  below  i/i. 


t'o  <left  t'l 


(l^O  ^above  A  U\  ^above 
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B.2.2.  Depth-first  enumeration 


The  function  df  (A,  n)  enumerates  nodes  in  a  tree  domain  in  depth-first  order. 
□  is  the  least  node  (the  0-th  stage] .  At  each  stage,  the  next  node  is  the  leftmost 
successor  in  A  of  the  current  node  unless  the  current  node  has  no  successors. 
If  the  current  node  has  no  successors,  the  next  node  is  the  left  most  unvisited 
successor  of  the  nearest  ancestor  with  an  unvisited  successor.  This  is  found  by  the 
backtracking  function  back.  ^  At  each  stage  of  enumeration,  the  remainder  of  the 
tree  domain  df^{A,n)  is  a  forest  (a  sequence  of  subtrees).  The  sequence  of  roots 
of  this  forest  corresponds  to  the  stack  used  in  backtracking  in  a  depth-first  search. 
The  spanning  function  span  (A,  n)  gives  the  sequence  of  roots  (the  span)  of  the 
remainder  at  the  n-th  stage,  leftmost  first.  Thus  every  node  in  d/^(A,n)  is  below 
a  unique  node  of  stack{A,n)  and  every  node  of  A  below  a  node  of  stack{A,n)  is 
in  d/^(A,n). 


>  Depthfirst  enumeration.  d/(A,n)  is  defined  by  induction  on  n.  back{A,i/) 
is  defined  by  induction  on  u. 

6ocfc(A,a)=o  and  back{A,[i/,j])  = 

df{A,0)  =□ 

df  (A,  n)  =  1/  A  [//,  0]  G  A  — >  df  (A,  n  +  1)  =  [z/,  0] 
d/(A,n)  =  1/  A  [j/,0]  ^  A  — ^  d/(A,n  +  1)  =  back{A,i/) 


I  W,J  +  1]  if  +  1]  €  A 
\  back{AyU)  otherwise 


>  Depth-first  remainder.  d/^(A,n)  =  A  —  {df{A,j)  |  j  <  n} 

df 

>  Spanning  function,  span  (A,  n)  is  defined  by  induction  on  n. 

span  (A,  0)  =  isuc(A,o) 

span(A,n)  =  [Close(i/),  u]  —*■  span(A,n -f- 1)  =  [tsuc(A,i/),  w] 
span(A,n)  =  a  — ♦  span(A,n  -f- 1)  =  □ 


■  Backtracking  lemma.  The  key  properties  of  the  spanning  and  backtracking 
functions  axe  (left)  and  (stack).  Proof  is  by  induction  on  n. 

(left)  i  <j  <  |span(A,n)|  Open(span(A,n)J.,)  <uft  Open(span(A,n)J.y) 

(stack)  span(A,n)J.y  =  Close(z/)  A  back{A,i/) 

5pan(A,n)J.  j+i  =  Close(6ac/;(A,  z/)) 


^  By  the  usual  definition,  j/q  is  before  Ui  in  the  depth-first  order  iff  uq  is  above  (and  not 
equal  to)  or  to  the  left  of  Ui.  On  a  tree  domain  depth-first  enumeration  agrees  with 
depth-first  order  on  any  finite  initial  segment. 
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■  Depth-first  enumeration  theorem.  The  key  facts  about  df  and  span  are 
that  the  nodes  df{A,j)  for  j  <  |A|  are  distinct  elements  of  A  and  for  j  H-1<|A| 
the  first  element  of  spanning  sequence  of  the  j-th  remainder  is  the  next  element 
of  the  depth-first  enumeration. 

(df.enum)  j  <  |A|  —>■  df{A,j)  €  A  A  i  <  <  |A|  — >  d/(A,»)  ^  df{A,j) 

(df.next)  y  +  1  <  lAj  —>■  1®*  (span(A,j))  =  Close(d/(A,y  +  1)) 

The  depth-first  enumeration  theorem  is  an  immediate  consequence  of  the  following 
lemma. 

■  Characterization  of  depth-first  enumeration  and  remainder,  (card) 
says  that  the  remainder  of  A  is  reduced  by  one  at  each  step  of  the  enumeration, 
(down)  says  that  the  remainder  at  each  stage  downward  closed  and  thus  is  a  union 
of  disjoint  subtrees,  (span)  is  the  characterizon  of  spanning  given  above. 

(card)  n  <  |A|  |d/^(A,n)|  =  |A|  —  n  —  1 

(down)  n  <  |A|  A  1/  e  d/^(A,n)  A  [u,j]  €  A  [i/J]  €  d/^(A,n) 

(span)  Close(i/)  G  span(A,n)  —*  u  G  df^{A,n)  A 

n  <  |A|  A  1/  e  df^{A,n)  -+  (3i/o)Close(i/o)  G  span(A,n)  A  i/q  <above 
(pop)  n  +  1  <  |A|  — »  1“*  (5pan(A,n))  =  Close(d/(A,n  +  1)) 

These  facts  are  easily  proved  by  induction  on  n  using  the  backtracking  lemma. 
B.2.3.  Depth-first  search  pfnl 

Dfst  is  a  pfnl  that  takes  a  tree  (t?,p)  and  returns  a  stream  that  generates 
positions  labeling  nodes  of  the  tree  in  depth-first  order.  More  generally,  Dfst  takes 
a  successor  operation  s  and  a  sequence  of  positions  [p,z]  labeling  the  roots  of  a 
sequence  of  trees  and  returns  a  stream  generating  positions  labeling  the  nodes  of 
the  sequence  of  trees. 

>  Dfst  A(s)Rec(A(df)A[p,z]A()ifmt(p,mt, [p,df(s(p),z)])) 

■  Dfst  enumerates  depthfirst.  For  Tree{d,p)  =  <A,A>  and  n  <  |A| 

Dfst(t?,p)('*)  =  A(d/(A,n)) 

Dfst(t?,p)^’*  =  Dfst(t?,  Collect  (A  o  Open,  span  (A,  n))) 

Proof  is  by  induction  on  n  using  the  depth-first  enumeration  theorem. 
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»  Dfst  corollary.  If  |A|  <  u;  then  Filter(^,  Dfst(t>,p))  generates 

{po  1  (3i/  €  A)(A(i/)  =  po)  A  <p{po)  7^  o} 


in  depth-first  order. 

■  Dfst  enumeration  of  forests.  A  further  useful  fact  about  the  depth-first 
enumeration  stream  is  that  the  depth-first  stream  for  a  forest  is  the  concatenation 
of  streams  for  individual  trees.  If  Tree{d,pi)  =  <A,-,  A,>  for  0  <  *  <  fc  then 

Dfst(t?,[po...pfc])  =  Dfst{t?,po)o...oDfst(t?,pjk) 

Proof  is  by  induction  on  k  using  the  Dfst  forest  lemma  and  properties  of  stream 
concatenation. 

■  Dfst  forest  lemma.  For  Tree{t?,p)  =  <A,A>  and  n  <  |A| 

Dfst(i?,[p, «])(")  =  Dfst(t?,p)(”) 

Dfst(t?,  [p,v])^"  =  Dfst(t?,  [Collect(A  o  Open,span(A,n)),v]) 

Proof  is  by  induction  on  n. 

B.2.4.  The  fringe  of  an  S-expression 

As  our  first  application  of  searching,  we  let  P  =  Dsexp  with  successor  op¬ 
eration  PairUn  and  show  how  the  fringe  of  an  S-expression  can  be  generated  by 
searching  the  corresponding  tree  for  atoms.  The  fringe  of  an  S-expression  a  is 
the  sequence  of  atoms  occurring  in  a  in  left  to  right  order.  The  pfn  Fr  computes 
the  fringe  (as  sequence  of  atoms)  in  the  standard  way  by  concatenating  the  fringe 
of  the  components  until  a  non-pair  is  reached.  FrS  returns  a  stream  generating 
elements  of  the  fringe  by  searching  for  atoms  in  depth  first  order. 

>  Fr  Rec(A(Fr)A(x)if{Atom(x),x,[Fr(Car(x)),Fr(Cdr(x))])) 

>  FrS  ^  A(x)Filter(Atom,  Dfst{PairUn,x)) 

■  Fringe  theorem.  For  S-expressions  a,  Fr(a)  and  FrS  have  the  same  length  and 
corresponding  elements  are  equal. 

|Fr{a)|  =  |FrS(a)|,  and  j  <  |Fr(o)|  Fr(a)i,'  =  FrS(a)<>> 

This  follows  easily  from  the  fringe  lemma. 
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■  Fringe  lemma.  For  S-expressions  o  Streamify  composed  with  Fr  gives  the  same 
stream  as  FrS. 

Streamify(Fr(o))  =  FrS(a) 

Proof  of  fringe  lemma:  by  S-expression  induction  using  properties  of  con¬ 
catenation  for  Streamify,  Filter  and  Dfst.  Note  that  for  7’rce(PairUn,  o)  =  <A,A> 
1A|  is  finite.  The  key  points  for  the  proof  are 

Atom(o)  #  o  — Streamify(Fr(a))  =  Streamify(o)  =  A()[o,MtStream]  =  FrS(o) 
Atom(a)  =  D  — *• 

Streamify(Fr{a))  =  Streamify(Fr(Car(a)))  o  Streamify(Fr(Cdr(a))) 

Atom(a)  =  □  -^  FrS{a)  =  Filter(Atom,Dfst(PairUn,  [Car(c),Cdr(a)])) 

=  Filter(Atom,  Dfst(PairUn,  Car(a))  o  Dfst(PairUn,  Cdr(o))) 

=  Filter(Atom,  Dfst(PairUn,Car(a)))  o  Filter(Atom,  Dfst(PairUn,Cdr(a))) 

B.2.5.  Pattern  matching  using  tree  searching  pfnls 

In  order  to  illustrate  the  main  points  as  simply  as  possible  we  consider  the 
simplest  notion  of  pattern  where  multiple  matches  are  possible.  A  pattern  tt  is  a 
list  of  pattern  variables,  an  instance  t  is  a  list  of  integers,  and  a  match  n  is  finite 
map  associating  sequences  of  constants  to  pattern  variables.  The  instantiation  of 
a  pattern  rr  by  a  match  /x  is  the  list  made  from  the  sequence  obtained  by  collecting 
the  sequences  of  constants  associated  to  the  pattern  variables  of  tt  by  fi.  We  say 
fi  matches  tt  to  t  if  the  domain  of  fi  contains  the  set  of  pattern  variables  of  tt  and 
t  is  the  instantiation  of  tt  by  fi.  As  an  example  let  A  and  B  be  pattern  variables, 
TT  =  <A,  B,  A>  and  t  =  <0,  0>.  Then  {A 0,  B -<- □}  and  {A-<-d,  B-<-{0,0]}  are 
both  matches  of  tt  to  t. 

To  represent  this  in  the  S-expression  world  we  let  pattern  variables  be  strings. 
Pat  is  the  set  of  patterns  and  Inst  is  the  set  of  pattern  instances. 

Pat  =  ListMk(D*tr)  and  Inst  =  ListMk(Dj*j,t) 

TT,  TTo,  . . .  will  range  over  Pat  and  t,  lq,  •  •  •  will  range  over  Inst. 

>  The  set  of  matches.  The  set  of  pattern  variables  5et(7r)  in  a  pattern  tt  is 
defined  by 

Set{w)  =  =  {a  G  ListUn(7r)} 
df 
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We  use  pfns  to  represent  finite  maps  corresponding  to  matches.  MtMat  is  the 
viiipty  match  and  Bind(/i,z,  v)  adds  the  binding  2-<-  u  to  the  match  fi. 

>  MtMat  A(z)z 

>  Bind  ^  A(m,z,v)A(x)if{StrEq{z,x),v,m(x)) 

Mat,  the  set  of  (partial)  matches,  is  generated  from  the  empty  match  by  the 
binding  operation.  Thus  Mat  is  the  least  set  of  pfns  satisfying 

Mat  =  MtMat  ®  Bind(Mat,IDstr,II5*nt) 

H,  (io,  ...  will  range  over  Mat. 

■  The  domain  of  a  match  pfn.  The  choice  of  the  identity  pfn  as  the  empty 
match  means  we  can  characterize  the  domain  of  a  match  pfn  as  the  set  of  strings 
for  which  the  match  pfn  returns  a  non-string. 

dom{ll)  ={ze  Dstr  I  fi{z)  ^  Dstr} 

This  is  convenient  for  computing  extensions. 

>  Equality  of  match  pfns.  is  the  same  match  as  /j,'  (written  n  ~  fi')  if  they 
correspond  to  the  same  set  of  bindings. 

ti  ^  =  dom{fi)  =  dom{fj.')  A  (Vz  E  dom{fj,))fi{z)  =  f-t\z) 

df 

Pattern  instantiation  is  described  by  Pinst.  This  corresponds  directly  to  the  de¬ 
scription  given  above. 

>  Pinst  A(p,m)ListMk(Collect(m, ListUn(p))) 

>  The  set  of  matches.  The  set  of  matches  Matches[ir,L)  of  a  pattern  tt  to  an 
instance  t  is  defined  by 

Matches[TT,C)  =  {;/  E  Mat  |  dom{fj.)  =  Set[Tr)  A  Pinst(7r,/i)  =  t} 
df 

We  have  restricted  the  set  of  matches  of  tt  to  t  to  maps  whose  domain  is  the  set 
of  pattern  variables  in  tt  in  order  to  have  a  finite  set  of  matches. 

To  search  for  all  matches  of  a  pattern  n  to  an  instance  t  one  begins  with  the 
empty  match  and  tries  extensions  binding  the  next  unbound  pattern  variable  in 
7r  to  initial  segments  of  the  unmatched  portion  of  t.  Pos,  the  domain  of  positions 
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in  the  pattern  search  space  is  the  set  of  triples  (closed  sequences  of  length  three) 
from  \Pai  x  Inst  x  Mat\. 


Pos  =  C\ose[Pat,Inst,Mat] 

The  successors  of  a  position  are  determined  as  follows.  A  position  {ir,L,n)  has  no 
successors  if  ir  is  the  empty  list.  Suppose  ir  =  z  •  tti  and  z  is  in  the  domain  of 
fj,.  U  i  =  ListExtend(/i(2:),ti)  for  some  then  there  is  one  successor 
If  fi{z)  in  not  an  initial  segment  of  c  then  there  are  no  successors,  since  fi  heis  no 
extension  matching  ?r  to  t.  Suppose  tt  =  z  •  tti  and  z  is  not  in  the  domain  of  fj,. 
Then  the  successors  of  are  triples  where  t  =  ListExtend(v,ti) 

and  Hi  =  Bind(^,z,  w).  Successors  of  a  position  are  computed  by  Psuc. 

>  Psuc  ^  A(pos)let{[p,e,m] Open(pos)} 

if(MtlP(p), 

mt, 

let{[2,  p]  PairUn(p)}let{v  m(z)} 
if(StrP(p), 

Pss(z,p,m,mt,e), 
let{el  ListAfter(v,e)} 
if  (el,  Close[p,el,  m],  mt))) 

>  Pss  ^  A(z,p,m)Rec(A(ps)A(v,e) 

[Ciose[p,  e,  Bind(m,  z,  v)], 

if(MtlP(e),  mt,  Pss(z,  p,  m,  [v,  Car(e)],  Cdr(e)))] 

A  position  is  a  match  if  the  pattern  and  instance  components  are  both  empty 
lists.  Match P  tests  for  matches.  Thus  matches  of  tt  to  t  are  generated  by  searching 
the  tree  of  positions  below  (7r,6,  MtMat)  and  filtering  out  non-matches.  This  is 
described  by  MatchS. 

>  MatchP  A(pos)let{[p,e,m] Open  (pos)  }and(MtlP(p),  MtlP(e)) 

>  MatchS  A(p,e)Filter(MatchP,  Dfst(Psuc,  Close[p,e,  Mtmat])) 

■  MatchS  theorem.  MatchS(7r,/.)  generates  Matches{7r,L). 
fi  ^  Matches{ir,c)  ^  (3n) (MatchS (tt,  t) ~ /i) 
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Proof  of  MatchS  theorem.  Fix  a  pattern  ir  and  an  instance  l  and  let 

rree(Psuc)(Close[jr,t,MtMat])  =  <A,A> 

Using  properties  of  Dfst  we  need  only  show 

(i)  |A|  <  w 

(ii)  Matches{it,L)  =  {/x  €  Mat  \  {3i/  €  A,fi'  ~ /x){Open(A{i/))  =  [Nil,  Nil, /x'])} 

(i)  and  (ii)  follow  from  Lemmas  1,  2. 

■  Lemma  1. 

1/  6  A  A  Open(A(i/))  =  [7ri,xi,/x]  -*■ 

(3xo,  to)  (X  =  Xo  O  TTi  A  t  =  to  o  ti  A 

dom{fi)  =  5et(7ro)  A  \u\  =  jxoj  A  Pinst(7ro,/x)  =  to) 

Proof  by  induction  on  i/  €  A 

■  Lemma  2. 

fi  €  Matches^n,  t)  A  x  =  xo  o  jti  — ^ 

(3to,ti,i/  e  Aj/xo  €  Mat) 

(Pinst(?ro,Ax)  =  ^-o  A  t  =  tooti  A  dom[no)  =  5et(7ro)  A 
Open(A(x/))  =  {7ri,ti,AXo)  A  (Vz  €  dom(/xo))(/x(z)  =  Ato(2))) 

Proof:  by  induction  on  tto 

To  complete  the  proof  of  the  MatchS  theorem,  note  that  by  Lemma  1  we  have 
|A|  <  u)  and  t/  G  A  A  Open(A(i/))  =  [Nil,  Nil, /x]  — »•  /x  G  Matches{7r,i) 
and  by  Lemma  2  (taking  tto  =  x)  we  have 

H  £  Matcheslir,!,)  —*  (3z/ G  A,/x' ~ /x)(Open(A(t'))  =  [Nil,  Nil,^']) 
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B.2.6.  Trees  given  by  successor  streams 

A  variant  on  the  notion  of  tree-structured  space  is  to  replace  successor  se¬ 
quence  by  successor  stream.  This  could  be  useful  if  the  cost  of  generating  suc¬ 
cessors  is  large  and  only  a  few  will  generally  be  needed.  It  also  allows  for  the 
possibility  of  infinitely  branching  trees. 

Dfirst  is  a  search  pfnl  for  depth-first  search  using  successor  streams.  It  calls 
Dfstr  with  the  successor  stream,  a  singleton  stream  containing  the  root  position, 
and  the  empty  stream.  Dfstr  has  a  successor  pfn  parameter  sc  and  uses  a  current 
successor  stream  s  and  a  continuation  stream  c  which  serves  as  a  stack  of  successor 
streams.  When  s  is  empty,  the  continuation  stream  is  used  to  generate  the  next 
element.  Otherwise  the  first  element  p  of  s  is  returned  as  the  first  element  of 
the  stream.  The  rest  of  the  stream  has  successor  stream  the  successors  of  p  and 
continuation  stream  the  stream  with  the  rest  of  s  as  successor  stream  and  c  as 
continuation  stream. 

>  Dfirst  ^  A(sc,  pos)Dfstr(sc,  A()[pos,Mtstream],Mtstream) 

>  Dfstr  A(sc)Rec(A(dfs)A(s,c)A()let{[p,ss] s[]} 

ifmt(p,  c[],  [p,  dfs(sc(p),  dfs(ss,c))])) 

Exercise  1.  Prove  that 


(Vp  e  P)(Streamify(t?o(p))  =  t?i(p))  —*■  Dfst(t?o,p)  =  Dfirst(i>i,p) 
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